Packet filtering, in regards to section 3.3
Thu, 2 Aug 2001 22:25:47 -0700
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 02 August 2001 18:07, Erick Bourgeois wrote:
> Hi everyone,
> I was reading the new iptables HOWTO and found the section 3.3 (named "Why
> Would I Want to Packet Filter") quite interesting. Rusty talks about
> DENY'ing ads coming from doubleclick.net. He then suggests that "there are
> better ways of doing this though".
> What are the other *better* ways?
If you are protecting a network from doubleclick.net it would make the most
sense to make your nameserver resolve doubleclick (and others) as
non-existant places. This defeats the multiple IP's that ads.doubleclick.net
will return at any given time.
-----BEGIN PGP SIGNATURE-----
Comment: Keeping the world safe for geeks.
-----END PGP SIGNATURE-----