On Mon, 3 Dec 2001, Conrad Williams wrote: > Can iptables be made generic with filters like www.*sex*.com* ??? And could > this catch most before they even arrive? > Conrad If mail.spammer.com resolves to an IP (and if you have a good DNS) then you can use it in the place of an IP on the iptables rule. Examples => postmastergeneral.com offerpromo.com broadwing.net I do not know how to use a wild card (like in your example) on an iptables rule, (it seems to me) you can only deal with hosts or networks. You can deny entire IP ranges using network masks with an iptables rule. Example => 199.95.207.0/24 10.207.95.199.in-addr.arpa. domain name pointer network-199-95-207-10.dclk.net ::dc:: David Correa RHCE CCNA _ _ _ _ _ _ _ _ ___ ____ ____ _ _ tech@linux-tech.com | | |\ | | | \/ | |___ | |__| http://www.linux-tech.com |___ | | \| |__| _/\_ | |___ |___ | | ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
