Lars Hansson wrote:

On Thursday 13 April 2006 18:05, Michael Schmidt wrote:
reading several man pages did give no answer to this:
Is there a way within pf that pf can detect especially those ip numbers
which do not belong to a hostname, in other words which are not
resolvable to hostnames?

No. Perhaps you could create some ugly kludge by logging all and have a cron job read the pflog logfile and do reverse lookups, but I highly doubt it would be feasible or even work.

Meanwhile I have seen after having sent my initial mail that there is a way similar to your suggestion without the need of explicit dns lookups, as it includes implicit lookups.

In the pf.conf, if you have any rule combined with log functionality, then it's logged into the pflog file; that file contains either hostnames or ip numbers, and in the case of ip numbers, the ip numbers could not be resolved to hostnames.
Is this behaviour a standard one?

The reason why I am asking is that I want to catch especially these
connections.

I can't help but ask why?

You are right to ask why.
The reason is I want to achieve this task: We have a few bad users which give themselves ip numbers (free unused ones out of our pool), I want to catch the ip numbers taken by those users.

--
Michael Schmidt     MIRRORS:
DJGPP               ftp://ftp.fh-koblenz.de/pub/DJGPP/
Ghostscript         ftp://ftp.fh-koblenz.de/pub/Ghostscript/
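
The log-and-reverse-lookup approach discussed in this thread, as an added example that is not part of either poster's message. It assumes the log is read numerically with `tcpdump -n -e -ttt -r /var/log/pflog`, that each line has the form `... on <if>: <src>.<port> > <dst>.<port>: ...`, and that every legitimately assigned address in the pool has a PTR record; the function names, the sample lines and the 192.0.2.0/24 pool are constructed for illustration.

```python
import ipaddress
import socket
import re

# Assumed text form of a pflog entry as printed by tcpdump -n -e:
#   "<time> rule N/(match) pass in on fxp0: SRC.PORT > DST.PORT: ..."
PFLOG_SRC = re.compile(r" on \S+: (\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)? > ")

def has_ptr(ip):
    """True if a reverse (PTR) lookup for ip succeeds."""
    try:
        socket.gethostbyaddr(ip)
        return True
    except OSError:  # socket.herror / socket.gaierror
        return False

def unregistered_sources(lines, pool, resolver=has_ptr):
    """Count logged packets per source inside pool that has no PTR record."""
    net = ipaddress.ip_network(pool)
    verdict = {}  # one lookup per address, however often it is logged
    counts = {}
    for line in lines:
        m = PFLOG_SRC.search(line)
        if not m:
            continue  # not a packet line
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # e.g. an octet above 255
        if ip not in net:
            continue  # only our own pool is of interest
        key = str(ip)
        if key not in verdict:
            verdict[key] = resolver(key)
        if not verdict[key]:
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    "Apr 13 18:05:01.000001 rule 2/(match) pass in on fxp0: 192.0.2.10.40001 > 192.0.2.1.22: S 1:1(0) win 16384",
    "Apr 13 18:05:02.000001 rule 2/(match) pass in on fxp0: 192.0.2.77.40002 > 192.0.2.1.80: S 1:1(0) win 16384",
    "Apr 13 18:05:03.000001 rule 2/(match) pass in on fxp0: 192.0.2.77 > 192.0.2.1: icmp: echo request",
    "Apr 13 18:05:04.000001 rule 2/(match) pass in on fxp0: 198.51.100.9.40003 > 192.0.2.1.25: S 1:1(0) win 16384",
    "tcpdump: WARNING: snaplen raised from 96 to 116",
]
REGISTERED = {"192.0.2.10"}  # constructed stand-in for addresses that have a PTR

if __name__ == "__main__":
    print(unregistered_sources(SAMPLE, "192.0.2.0/24", lambda ip: ip in REGISTERED))
```

Run from cron against the real log, the default `has_ptr` resolver performs live DNS queries, so the result is only as reliable as the reverse zone for the pool.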
