<br><br><div class="gmail_quote">On Sat, Oct 2, 2010 at 4:37 PM, bruce bruce <span dir="ltr"><<a href="mailto:bruceb444@gmail.com">bruceb444@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Thanks Roger. <div><br></div><div>I will be trying this box to see what I can do. Otherwise, I'd probably have to find a list of all of the Rogers (The ISP providing internet to these boxes) IPs to at least limit the attacks to Rogers ISP.</div>
<div><br></div><div>hmmm....</div><div><br></div><div><br></div><div>Or maybe secure is using DNS like this: sdlfjdsfJ#@$523k4j98sd7fkjh324#@$<a href="http://832.dyndns.org" target="_blank">832.dyndns.org</a></div><div>
<br></div><div>
^^^^^^^^^^^^^^^^^^^^isn't that a security feature in itself?</div><div><br></div><div>Thanks<div><div></div><div class="h5"><br><div><br></div><div><br><br><div class="gmail_quote">On Sat, Oct 2, 2010 at 4:32 PM, Roger Burton West <span dir="ltr"><<a href="mailto:roger@firedrake.org" target="_blank">roger@firedrake.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote:<br>
>Can't I in my ip tables just accept the <a href="http://pap2t.dyndns.org" target="_blank">pap2t.dyndns.org</a> if that is bind to<br>
>the PAP2T? do you think the devices comes in with it's external IP rather<br>
>than the dyndns domain?<br>
<br>
</div>Yes. An IP datagram carries only the source and destination IP<br>
addresses, not the DNS names associated with them. Your firewall _may_<br>
be able to accept a DNS name to block or allow rather than an IP<br>
address, but most don't, and doing so makes you vulnerable to DNS<br>
spoofing attacks.<br>
<br>
To go further would be thoroughly off-topic for this list.<br>
<br>
Roger<br>
<font color="#888888"><br>
--<br>
</font><div><div></div><div>_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div></div></blockquote></div><br></div></div></div></div>
<br>--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div>You're not going to be able to put a dns hostname in the iptables, but you could have a script that runs at times and gets the ip address for your dynamic hostname and allows that.