Re: blocking by domain

On Sat 12/06/2004 at 23:27, Spiro Azkoul wrote:
> Is it possible to block any packets that ride on a specific domain by
> domain? I know blocking is possible based on IP/Subnet, but wanted to
> double-check the domain

Unless you use a dedicated userspace application using the QUEUE target to
reverse lookup the source and/or destination IP, you can't.

Netfilter is a packet filter and works on IP, not names. Moreover, I
think it would generate too much latency if you had to check DNS for
packets at firewall level.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
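
The decision step that such a userspace program would make, as an added example that is not part of the original message: a reverse (PTR) lookup on the packet's address, cached so that DNS is not queried for every packet. The class name, the injectable resolver and the sample addresses are assumptions constructed for illustration; receiving packets from the QUEUE target is not shown.

```python
import ipaddress
import socket
import time

# Constructed PTR data (documentation address ranges), used by demo() below.
SAMPLE_PTR = {
    "192.0.2.10": "mail.blocked.example.",
    "192.0.2.11": "notblocked.example",
}

class ReverseLookupVerdict:
    """Hypothetical helper: ACCEPT/DROP for an IP based on its PTR name."""

    def __init__(self, blocked_domains, resolver=None, ttl=300.0, clock=time.monotonic):
        self.blocked = [d.lower().strip(".") for d in blocked_domains]
        self.resolver = resolver or self._ptr_lookup
        self.ttl = ttl
        self.clock = clock
        self.cache = {}    # ip -> (expiry, verdict)
        self.lookups = 0   # resolver calls made, i.e. cache misses

    @staticmethod
    def _ptr_lookup(ip):
        # Blocking DNS query: the per-packet latency the reply warns about.
        try:
            return socket.gethostbyaddr(ip)[0]
        except OSError:
            return None

    def _matches(self, hostname):
        host = hostname.lower().rstrip(".")
        # Match on a label boundary so "notblocked.example" != "blocked.example".
        return any(host == d or host.endswith("." + d) for d in self.blocked)

    def verdict(self, ip):
        ip = str(ipaddress.ip_address(ip))   # raises ValueError on bad input
        now = self.clock()
        cached = self.cache.get(ip)
        if cached and cached[0] > now:
            return cached[1]
        self.lookups += 1
        name = self.resolver(ip)
        result = "DROP" if name and self._matches(name) else "ACCEPT"
        self.cache[ip] = (now + self.ttl, result)
        return result

def demo():
    v = ReverseLookupVerdict(["blocked.example"], resolver=SAMPLE_PTR.get)
    return [v.verdict(ip) for ip in ("192.0.2.10", "192.0.2.11", "203.0.113.5", "192.0.2.10")], v.lookups
```

A PTR record is set by whoever controls the address block, and an address with no PTR is accepted here, so the result is a hint about the peer rather than proof of its domain.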


