[Dnsmasq-discuss] ipset-dns: Integrate Netfilter IPSet Support
Mr Dash Four
mr.dash.four at googlemail.com
Sun Feb 17 17:42:47 GMT 2013
> In an effort to prevent this thread from going off-topic, it's worth
> noting that the hash:net functionality of ipset has nothing to do with
> and does not replace the dnsmasq-ipset patches.
In an effort to prevent you from looking a bit daft, it's worth noting
that I my original post was in response to Sven's question (and your
subsequent follow-up) to filter/allow a subset of domains to be used - I
suggested in my post that you may use the "nomatch" option, which exists
in ipset when one wishes to filter/include sub-domains/ip ranges.
So, you'll do well to pipe down a bit, read my post before you jump the
gun and start acting like insecure virgin - I am in no way trying to
degrade or put down your patch or the work you've done in it (I like it,
in fact!), that was never my intention.
> It is very frequently
> the case that it is not possible to know aprioi the IP ranges used by
> a particular service, and instead the best way is via DNS lookup; see
> prior emails for more detail.
>
After you've done the lookup (and know the ip ranges) you may use that
"nomatch" option (you may also use this option even if you choose to
include the name, but, personally, I think that is a bad idea).
More information about the Dnsmasq-discuss
mailing list