[rbldnsd] Question regarding use of rbldnsd with MAPS RBL
Michael Tokarev
mjt at tls.msk.ru
Tue Apr 26 23:26:00 MSD 2005
Mark Hennessy wrote:
> What should an ACL file look like?
> If, for example, I want to allow all requests from 192.168.1.3 and
> 192.168.1.5, but reject requests from everywhere else, what would the file
> have to look like to achieve that result?
In terms of Linux iptables:
iptables -A INPUT -p udp --dport 53 --source 192.168.1.3 -j ACCEPT
iptables -A INPUT -p udp --dport 53 --source 192.168.1.5 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j DROP
As I already said, this functionality -- when you want to allow a few
of your networks/hosts but disallow everything else -- is better done
using firewall rules, not in rbldnsd. The new ACL functionality in rbldnsd
is designed to handle *large* ACLs, the ones which do not work well at
the firewall level, and to be able to return a particular reply to particular
clients, which can't be done in most firewall implementations.
In the current ACL implementation, there's no such functionality as to
"disallow everything else" - everything else works as normal. Maybe
there should be some "default" or "else action" too -- I don't know
yet.
/mjt
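The iptables allow-list above generalised to any number of hosts or networks, as an added example that is not part of the original message or of rbldnsd itself. The function `gen_dns_allowlist_rules` (a name chosen here) validates each argument as an IPv4 address or prefix and prints the rules instead of applying them, so the result can be reviewed before it is fed to a root shell; it assumes the same UDP port 53 and `INPUT` chain used in the post.

```shell
#!/bin/sh
# Added example, not code from the original post or from rbldnsd.
# Emits the allow-list firewall rules described in the message for an
# arbitrary list of sources, ending with the catch-all DROP.

# is_ipv4_prefix ADDR  -- accept dotted-quad IPv4 with an optional /len
is_ipv4_prefix() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gen_dns_allowlist_rules HOST_OR_CIDR...
# Prints one ACCEPT rule per source and a final DROP; returns 1 and prints
# nothing on stdout if any argument is not a valid IPv4 host or prefix.
gen_dns_allowlist_rules() {
    [ "$#" -gt 0 ] || { echo "no sources given" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_prefix "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    for src in "$@"; do
        printf 'iptables -A INPUT -p udp --dport 53 --source %s -j ACCEPT\n' "$src"
    done
    # everything that did not match an ACCEPT above is dropped
    printf 'iptables -A INPUT -p udp --dport 53 -j DROP\n'
}

# constructed sample allow list (the two hosts from the question)
gen_dns_allowlist_rules 192.168.1.3 192.168.1.5
```

The rules are appended (`-A`), so they only have the intended effect if no earlier rule in `INPUT` already accepts port 53 traffic; load them before, or flush, any such rule. To apply the output for real, pipe it to `sh` as root once it has been checked.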