Re: [m0n0wall] FAQ # 16.11...blocking website won't work ?

From:	"Chris Buechler" <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] FAQ # 16.11...blocking website won't work ?
Date:	Wed, 2 Aug 2006 17:20:51 -0400

On 8/2/06, Bob Young <bob at lavamail dot net> wrote:
>
> I pinged the website name, so it would come back with the IP address of the
> website.  So I used that IP address to reject.
>

Most bigger sites use round robin DNS, so pinging isn't sufficient
with many sites.

like:
C:\>nslookup
Default Server:  ...
Address:  ...

> google.com
Server:  ...
Address:  ...

Name:    google.com
Addresses:  64.233.167.99, 72.14.207.99, 64.233.187.99

With that said, you also probably don't want to be blocking entire
networks, just single IP's.  Use single host rather than network in
the drop down on the destination on the firewall page.

-Chris