Subject: Re: DNS-based firewalling?
To: Florian Stoehr <netbsd@wolfnode.de>
From: Richard Rauch <rkr@olib.org>
List: netbsd-users
Date: 01/10/2005 05:00:20
Hi, Florian.

Somewhere, I thought that I saw some claims that ipf could let you
run an arbitrary command to decide about accepting/rejecting a packet.
I can't find this in the ipf.conf(5) man-page, though.  Can anyone
confirm that, or perhaps remember what I'm *really* thinking of?
Or do I need to exchange my memory chips for ones that work?

Such a script could easily do a reverse-DNS on the IP number and
pattern-match the resulting name.

I remember looking into this.  I remember some documentation
leading me to believe that I could do it.  I thought that
it applied to NetBSD and ipf.


It may also be easier to whitelist the IP numbers that you want to
accept mail from.  All .de IP numbers (why a country code? what if
someone in Germany has a .com or .org or .net address? I'm in the
U.S., but have a .org...(^&) would present a tricky bit, but if it's
really just a small set of *friends* that you have in the .de top
level domain...

If you can whitelist a small set that that machine will accept
email from, then you can block everyone else.  (This may be
obvious to you, but I thought that I'd mention it.)


-- 
  "I probably don't know what I'm talking about."  http://www.olib.org/~rkr/
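Added example, not part of the original mail or of ipf: a small Python sketch of the reverse-DNS check described above, with the forward-confirmation step a practitioner would want, since the PTR name is chosen by whoever controls the address's reverse zone and proves nothing on its own. The DNS records, addresses and the `.example.de` pattern are constructed so the block runs offline; the `real_ptr`/`real_a` helpers use the standard `socket` module.

```python
import re
import socket

# Constructed sample DNS data (not real records) so the example runs offline.
FAKE_PTR = {
    "192.0.2.10": "mail.example.de",      # honest: forward record points back
    "192.0.2.20": "mx.friend.example.de", # lying PTR: forward record disagrees
    "192.0.2.30": "relay.example.com",    # honest, but outside the allowed domain
}
FAKE_A = {
    "mail.example.de": ["192.0.2.10"],
    "mx.friend.example.de": ["198.51.100.7"],
    "relay.example.com": ["192.0.2.30"],
}

def fake_ptr(ip):
    return FAKE_PTR.get(ip)

def fake_a(name):
    return FAKE_A.get(name, [])

def real_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def real_a(name):
    try:
        return socket.gethostbyname_ex(name)[2]  # list of A records
    except OSError:
        return []

ALLOWED = re.compile(r"\.example\.de$")  # hypothetical "friends" pattern

def decide(ip, pattern=ALLOWED, ptr=fake_ptr, a=fake_a):
    """Return ('pass' | 'block', reason) for a connecting address.

    A name that merely matches the pattern is not trusted: the name's own
    forward records must include the original address (forward-confirmed
    reverse DNS) before the pattern match counts.
    """
    name = ptr(ip)
    if name is None:
        return "block", "no PTR record"
    if ip not in a(name):
        return "block", "PTR name %s does not resolve back to %s" % (name, ip)
    if not pattern.search(name):
        return "block", "%s is outside the allowed pattern" % name
    return "pass", "%s forward-confirmed" % name

if __name__ == "__main__":
    for ip in sorted(FAKE_PTR):
        print(ip, *decide(ip))
```

Pass `ptr=real_ptr, a=real_a` to run the same logic against live DNS.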