Re: [netfilter] Re: iptables help


 



On Thursday 29 July 2004 10:18 pm, Ashley M. Kirchner wrote:

> Antony Stone wrote:
> >where w.x.y.z could be 192.168.38.64/29 for example, to block destination
> >addresses 192.168.32.64 to 192.168.38.72
>
>     Heh, I just realized this won't help a whole helluva lot because
> www.yahoo.com's round-robin setup isn't contiguous:
>
>     And neither is www.hotmail.com (which redirects to passport.net anyway:
>
>     Do you suppose there are servers on the missing IPs, but they're
> just not operational at the moment?  (Which wouldn't surprise me to be
> honest.)

One way of looking at this is: "what does it matter anyway?"

Just block all TCP destination port 80 to the entire contiguous blocks - I 
really can't imagine there are going to be any interesting websites in the 
middle of the IPs of the ones you want to block, and restricting the rule to 
port 80 means you don't affect any other services such as DNS or SMTP.

Regards,

Antony.

-- 
The idea that Bill Gates appeared like a knight in shining armour to lead all 
customers out of a mire of technological chaos neatly ignores the fact that 
it was he who, by peddling second-rate technology, led them into it in the 
first place.

 - Douglas Adams in The Guardian, 25th August 1995

                                                     Please reply to the list;
                                                           please don't CC me.


