Packet filtering, in regards to section 3.3
Ian Jones
ian@dsl081-056-052.dsl-isp.net
Thu, 2 Aug 2001 22:25:47 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 02 August 2001 18:07, Erick Bourgeois wrote:
> Hi everyone,
>
> I was reading the new iptables HOWTO and found the section 3.3 (named "Why
> Would I Want to Packet Filter") quite interesting. Rusty talks about
> DENY'ing ads coming from doubleclick.net. He then suggests that "there are
> better ways of doing this though".
>
> What are the other *better* ways?
If you are protecting a network from doubleclick.net it would make the most
sense to make your nameserver resolve doubleclick (and others) as
non-existant places. This defeats the multiple IP's that ads.doubleclick.net
will return at any given time.
-----BEGIN PGP SIGNATURE-----
Comment: Keeping the world safe for geeks.
iD8DBQE7ajXcwBVKl/Nci0oRAiSHAKDU3JDkIO/rnONUQPz3O8h1GlxZrQCgw3mj
cPYxJ5jnpkfJkQx52Rt5Qlo=
=j7n2
-----END PGP SIGNATURE-----