On Fri, Dec 06, 2002 at 12:02:56AM -0500, Small, Jim wrote:
> Is it possible to filter on domain names instead of/in addition to IPs?
> block out log quick on proto tcp from any to pornography.com
>
> I would like to mention that I *know* it would be slow. But let's say I'm
> stubborn and want to do it anyway! How would I set up such a configuration?

Yes, the example you used will work. Note that the IP address lookup is
done at rule load time, not runtime. Also, if you don't have a way of
resolving those hostnames when you load the rules, they will not be
inserted.

g.
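
The load-time behaviour described in the reply, as an added example that is not part of the original message or of the packet filter's own code: a pre-load check that resolves each hostname in a rule once, shows the addresses the rule would be frozen to, and reports rules that would be missing because a name did not resolve. The regexes, `expand_rules`, the two extra rules and the fake DNS table (documentation-range addresses) are assumptions made for illustration.

```python
import re
import socket

# Assumption: the host operand follows "from" or "to", as in the quoted rule.
HOST_RE = re.compile(r"\b(?:from|to)\s+(\S+)")
NAME_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def is_hostname(token):
    """Dotted name containing a letter; IP literals and 'any' do not qualify."""
    return bool(NAME_RE.match(token)) and any(c.isalpha() for c in token)

def system_resolver(name):
    """IPv4 addresses for name right now, or [] if it cannot be resolved."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def expand_rules(lines, resolve=system_resolver):
    """Return (loaded, dropped): rules with names frozen to addresses, and
    (rule, unresolved_names) pairs for rules that would not be inserted."""
    loaded, dropped = [], []
    for rule in (l.strip() for l in lines):
        if not rule or rule.startswith("#"):
            continue
        variants, missing = [rule], []
        for name in dict.fromkeys(filter(is_hostname, HOST_RE.findall(rule))):
            addrs = resolve(name)
            if not addrs:
                missing.append(name)
            variants = [v.replace(name, a) for v in variants for a in addrs]
        if missing:
            dropped.append((rule, missing))
        else:
            loaded.extend(variants)
    return loaded, dropped

# Constructed sample: the quoted rule plus two made-up ones, and a fake DNS table.
SAMPLE_RULES = [
    "block out log quick on proto tcp from any to pornography.com",
    "block out log quick on proto tcp from any to unresolvable.example",
    "block out log quick on proto tcp from any to 192.0.2.200",
]
FAKE_DNS = {"pornography.com": ["192.0.2.10", "192.0.2.11"]}

if __name__ == "__main__":
    loaded, dropped = expand_rules(SAMPLE_RULES, lambda n: FAKE_DNS.get(n, []))
    print("\n".join(loaded))
    for rule, names in dropped:
        print(f"NOT LOADED ({', '.join(names)} unresolved): {rule}")
```

Running the same check again later and comparing the output shows when a name's addresses have changed since the rules were loaded.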