On 6 October 2015 at 00:46, James B. Byrne <byrnejb@xxxxxxxxxxxxx> wrote: > So, is there any convenient way to construct an IPTables rule to block > all IPs associated with a given Domain Name server? > You can use ipsets to block a large collection of IP addresses with netfilter. I block various problematic countries that way. The problem is getting _all_ the IP addresses associated with a DNS server. I don't think that is going to be easy/possible, unless that DNS sever has been badly misconfigured. K _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: Can one construct an IPTables rule to block on NS records?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Can one construct an IPTables rule to block on NS records?
- From: Kahlil Hodgson <kahlil.hodgson@xxxxxxxxxxxxxx>
- Date: Tue, 6 Oct 2015 22:25:02 +1100
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <3b4e3d948fbcb18499e17df4aa73936a.squirrel@webmail.harte-lyne.ca>
- References:
- Can one construct an IPTables rule to block on NS records?
- From: James B. Byrne
- Can one construct an IPTables rule to block on NS records?
- Prev by Date: Re: Systemd spends 6 min. to startup a host
- Next by Date: Re: Can one construct an IPTables rule to block on NS records?
- Previous by thread: Re: Can one construct an IPTables rule to block on NS records?
- Next by thread: CentOS-6.7 Kernel Panic
- Index(es):
 |