How can I define a "zone" of all systems with non-country domain names, i.e. *.com, *.org, *.net? (Do I correctly assume this would be a subset of my ''net'' zone and so would involve the [hosts] configuration file? What else do I need to do?) tia! -- Chuck Kollars - principal Kollars Informatics Ipswich, Massachusetts, USA Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Chuck Kollars wrote:> How can I define a "zone" of all systems with non-country domain names, i.e. *.com, *.org, *.net? >That''s not practical with Shorewall. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Tom Eastep escribió:> Chuck Kollars wrote: >> How can I define a "zone" of all systems with non-country domain names, i.e. *.com, *.org, *.net? >> > > That''s not practical with Shorewall. >and is also generally an awful idea. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Cristian Rodriguez wrote:> Tom Eastep escribió: >> Chuck Kollars wrote: >>> How can I define a "zone" of all systems with non-country domain names, i.e. *.com, *.org, *.net? >>> >> That''s not practical with Shorewall. >> > > and is also generally an awful idea.I can add that there is a "geoip match" patch for Netfilter/iptables available on the net. It was recently removed from patch-o-matic-ng because the netfilter team were unable to identify a maintainer for it. Shorewall has no in-built support for geoip match and won''t have such support unless and until geoip becomes part of the standard Netfilter/iptables distribution. I hope that will never happen because the main use of geoip match seems to be for filtering traffic based on the country of origin. Many people (including myself) find that practice to be offensive. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Friday 30 June 2006 16:05, Tom Eastep wrote:> Cristian Rodriguez wrote: > > Tom Eastep escribió: > >> Chuck Kollars wrote: > >>> How can I define a "zone" of all systems with non-country domain names, > >>> i.e. *.com, *.org, *.net? > >> > >> That''s not practical with Shorewall. > > > > and is also generally an awful idea. > > I can add that there is a "geoip match" patch for Netfilter/iptables > available on the net. It was recently removed from patch-o-matic-ng because > the netfilter team were unable to identify a maintainer for it. Shorewall > has no in-built support for geoip match and won''t have such support unless > and until geoip becomes part of the standard Netfilter/iptables > distribution. I hope that will never happen because the main use of geoip > match seems to be for filtering traffic based on the country of origin. > Many people (including myself) find that practice to be offensive.I hope it does: Most of my spam comes specifically from California and it''s not like that state''s ever been a good neighbor to Oregon and Washington... -- Paul Johnson Email and IM (XMPP & Google Talk): baloo@ursine.ca Jabber: Because it''s time to move forward http://ursine.ca/Ursine:Jabber Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Paul Johnson wrote:> > I hope it does: Most of my spam comes specifically from California and it''s > not like that state''s ever been a good neighbor to Oregon and Washington... >And once you block email from California, you won''t be able to read this mailing list any more since it is hosted in Menlo Park. And since the list administrator has a thing against Oregon, he blocks all posts from state (especially from Gresham) so you won''t be able to find out why you aren''t getting any mail from the list. See why I think this whole idea is silly? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Paul Johnson escribió:> I hope it does: Most of my spam comes specifically from California and it''s > not like that state''s ever been a good neighbor to Oregon and Washington... >that was another awful idea, really... you have to be crazy to implement such a silly thing. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Fri, 2006-06-30 at 16:52 -0700, Paul Johnson wrote:> On Friday 30 June 2006 16:05, Tom Eastep wrote:> > I can add that there is a "geoip match" patch for Netfilter/iptables > > available on the net. It was recently removed from patch-o-matic-ng because > > the netfilter team were unable to identify a maintainer for it. Shorewall > > has no in-built support for geoip match and won''t have such support unless > > and until geoip becomes part of the standard Netfilter/iptables > > distribution. I hope that will never happen because the main use of geoip > > match seems to be for filtering traffic based on the country of origin. > > Many people (including myself) find that practice to be offensive. > > I hope it does: Most of my spam comes specifically from California and it''s > not like that state''s ever been a good neighbor to Oregon and Washington...Reading the other replies to this post... Am I the only one who believes this to be sarcasm? Well, at least I had a good laugh. :-) FWIW, I do agree whole-heartedly with Tom and others, that geo based filtering is not a good idea and discriminatory, to say the least. Karsten -- [ESR] Eric S. Raymond: "How To Ask Questions The Smart Way" http://www.catb.org/~esr/faqs/smart-questions.html [SGT] Simon G. Tatham: "How to Report Bugs Effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Wednesday 05 July 2006 04:01, Karsten Bräckelmann wrote:> On Fri, 2006-06-30 at 16:52 -0700, Paul Johnson wrote: > > On Friday 30 June 2006 16:05, Tom Eastep wrote: > > > I can add that there is a "geoip match" patch for Netfilter/iptables > > > available on the net. It was recently removed from patch-o-matic-ng > > > because the netfilter team were unable to identify a maintainer for it. > > > Shorewall has no in-built support for geoip match and won''t have such > > > support unless and until geoip becomes part of the standard > > > Netfilter/iptables distribution. I hope that will never happen because > > > the main use of geoip match seems to be for filtering traffic based on > > > the country of origin. Many people (including myself) find that > > > practice to be offensive. > > > > I hope it does: Most of my spam comes specifically from California and > > it''s not like that state''s ever been a good neighbor to Oregon and > > Washington... > > Reading the other replies to this post... Am I the only one who believes > this to be sarcasm?It isn''t. I can''t remember the last time anything good came from California. -- Paul Johnson Email and IM (XMPP & Google Talk): baloo@ursine.ca Jabber: Because it''s time to move forward http://ursine.ca/Ursine:Jabber Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Karsten Bräckelmann wrote:> ... > Reading the other replies to this post... Am I the only one who believes > this to be sarcasm? > > Well, at least I had a good laugh. :-)My humour filter identified it as humour, although the absence of smilies lowered its score. :-) Paul Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Paul Johnson wrote:> ... >>> I hope it does: Most of my spam comes specifically from California and >>> it''s not like that state''s ever been a good neighbor to Oregon and >>> Washington... >> Reading the other replies to this post... Am I the only one who believes >> this to be sarcasm? > > It isn''t. I can''t remember the last time anything good came from California.Your last Shorewall download probably came from California. ;-) Paul Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Wed, 2006-07-05 at 14:18 -0700, Paul Johnson wrote:> On Wednesday 05 July 2006 04:01, Karsten Bräckelmann wrote:> > Reading the other replies to this post... Am I the only one who believes > > this to be sarcasm? > > It isn''t. I can''t remember the last time anything good came from California.Ah, too bad. Your Spam reference really was funny. But in this case... Kindly take elsewhere. Karsten -- [ESR] Eric S. Raymond: "How To Ask Questions The Smart Way" http://www.catb.org/~esr/faqs/smart-questions.html [SGT] Simon G. Tatham: "How to Report Bugs Effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642