Subject: Re: DNS-based firewalling?
To: None <netbsd-users@netbsd.org>
From: Michael Smith <smithm@netapps.com.au>
List: netbsd-users
Date: 01/10/2005 11:23:26
On Mon, 10 Jan 2005 00:35:29 +0100 (CET)
Florian Stoehr <netbsd@wolfnode.de> wrote:
> I want a "you won't even connect at SMTP" solution in that case
I don't think it is a good idea to do a DNS lookup while filtering packets, and judging from the other responses it may not be doable anyway.
How about using your SMTP daemon to build a list of IP addresses which you don't want to accept connections from and using pf to filter subsequent connection attempts?
--
Michael Smith
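
One way the approach suggested above could be wired up, as an added example that is not part of the original message: a script that counts rejections per source address in the mail log and loads repeat offenders into a pf table. The table name `smtp_block`, the function names, the `reject: from=<ip>` log format and the sample lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Assumed pf.conf rules (the table name smtp_block is hypothetical):
#   table <smtp_block> persist
#   block in quick proto tcp from <smtp_block> to any port smtp

# Constructed sample log lines; the "reject: from=<ip>" format is an
# assumption, adapt the match to what your SMTP daemon actually logs.
sample_log() {
cat <<'EOF'
Jan 10 11:00:01 mx smtpd[311]: reject: from=192.0.2.10 reason=relay-denied
Jan 10 11:00:05 mx smtpd[311]: accept: from=198.51.100.7
Jan 10 11:00:09 mx smtpd[312]: reject: from=192.0.2.10 reason=unknown-user
Jan 10 11:00:12 mx smtpd[313]: reject: from=203.0.113.44 reason=relay-denied
Jan 10 11:00:20 mx smtpd[314]: reject: from=192.0.2.10 reason=unknown-user
Jan 10 11:00:31 mx smtpd[315]: reject: from=999.1.1.1 reason=garbled
EOF
}

# Read a log on stdin; print each IPv4 address rejected at least $1 times.
offenders() {
    awk -v min="$1" '{
        p = index($0, " reject: from=")   # first occurrence only
        if (!p) next
        ip = substr($0, p + 14)
        sub(/ .*/, "", ip)
        # Validate strictly: only well-formed dotted quads reach pfctl.
        if (split(ip, o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        count[ip]++
    }
    END { for (ip in count) if (count[ip] >= min) print ip }' | sort
}

# Add offenders to the pf table; DRY_RUN=1 prints the commands instead.
block_offenders() {
    offenders "$1" | while read -r ip; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "pfctl -t smtp_block -T add $ip"
        else
            pfctl -t smtp_block -T add "$ip"
        fi
    done
}
```

Run from cron as, for example, `block_offenders 3 < /path/to/maillog`. Keep the threshold above 1 and flush the table periodically (`pfctl -t smtp_block -T flush`), since a blocked address may be a shared relay or NAT gateway.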