On 29.02.2012 12:35, E.S. Rosenberg wrote:
> As far as I always understood from the docs (but I may be wrong) any
> domain listed in a dstdomain list will also cover the IP associated
> with the domain IF the IP has that domain related to it when you do a
> reverse lookup on the IP.
> So for most big websites/domains that will usually work but small
> sites that are hosted at home generally resolve back to the ISP and
> not to the domain they are hosting...
Yes.
For the edge case dstdom_regex with an IP address pattern:
acl numeric_IPs dstdom_regex
^[a-z]://(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\]))/
>
> The dst type list also does the reverse lookup if I recall
> correctly...
It does name->IP conversion for a numeric comparison.
Amos
Received on Wed Feb 29 2012 - 03:01:14 MST
This archive was generated by hypermail 2.2.0 : Wed Feb 29 2012 - 12:00:06 MST