
26 Apr 2004, 8:01 p.m.
DrWho? wrote:
My idea was to use a callback to hook port 80 and use a Perl script to reverse-lookup the IP address and look for .nz at the end and pass/fail thereafter.
PAINFUL!! If you wanted it hidden you'd have to blackhole the port by default, sniff for attempted connections, look up the address, change firewalling on the fly... and you're opening yourself up for a huge self-DoS if someone spoofs millions of random SYN packets at you. I believe there's a list of IP ranges that are allocated within New Zealand. Configure your box to accept those and blackhole everything else. End of problem.
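The static allowlist suggested in the reply above, as an added example that is not part of the original post: it validates and merges a list of CIDR ranges and emits an `iptables-restore` ruleset that accepts those sources on port 80 and silently drops the rest, with no per-connection lookup for a spoofed SYN flood to trigger. The ranges are constructed RFC 5737 placeholders, not real New Zealand allocations, and the chain name `HTTP_ALLOW` is an assumption.

```python
import ipaddress

# Constructed sample input: RFC 5737 documentation ranges standing in for
# the real list of New Zealand allocations, which is not on this page.
SAMPLE_RANGES = """
# placeholder ranges, not real NZ allocations
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.64/26
not-a-network
203.0.113.7/24
"""

def parse_ranges(text):
    """Return (networks, rejected) from one-CIDR-per-line text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (203.0.113.7/24)
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    # Merge adjacent/overlapping ranges so the kernel walks fewer rules.
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4)), rejected

def build_ruleset(networks, port=80):
    """Emit iptables-restore input: accept listed sources, DROP the rest."""
    chain = "HTTP_ALLOW"  # hypothetical chain name
    lines = ["*filter", ":INPUT ACCEPT [0:0]", f":{chain} - [0:0]",
             f"-A INPUT -p tcp --dport {port} -j {chain}"]
    lines += [f"-A {chain} -s {n} -j ACCEPT" for n in networks]
    lines.append(f"-A {chain} -j DROP")  # DROP sends no RST: the port looks dead
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_RANGES)
    print(build_ruleset(nets), end="")
    for entry in bad:
        print(f"# rejected: {entry}")
```

Review the output before loading it: `iptables-restore` replaces the existing filter table unless run with `--noflush`.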