Group: comp.os.linux.setup


Subject: pattern matching in hosts.deny
From: dayday@daydayday.info
Date: 10/25/2007 10:18:53 PM
I want to block any hosts that have at least two numeric numbers at the 3rd level of their host names, i.e., 181-8cc.xxx.com. Right now I have something like

    all: *0*.*.com
    all: *1*.*.com

and so forth... but this will catch hosts with only one numeric number in their names, too. I'm wondering if it is possible to specify at least 2 numbers for a match, and if so, how? Thanks.

Subject: pattern matching in hosts.deny
From: ibuprofin@painkiller.example.tld (Moe Trin)
Date: 10/26/2007 2:49:23 PM
On Thu, 25 Oct 2007, in the Usenet newsgroup comp.os.linux.setup, in article <ffr4oc$7qm$1@netnews.hinet.net>, dayday@daydayday.info wrote:

>I want to block any hosts that have at least two numeric numbers at
>the 3rd level of their host names, I.E., 181-8cc.xxx.com.

Understand that trying to block by _names_ is subject to DNS spoofing, and doesn't work when the id10t who is running the DNS server fails to configure PTR records for all systems.

>right now i have something like
>all: *0*.*.com
>all: *1*.*.com and so forth...
>
>but this will catch hosts with only one numeric number in its name, too.

By classic 'regular expressions' - that is what you told it to do. The '*0*' means "contains _A_ zero followed by none or more of the same character" - so xxx0 is OK, as is xxx00, xxx000, xxx0000, and so on.

>i'm wondering if it is possible to specify at least 2 numbers for a match,
>and if so, how? thanks.

Why does this sound like a homework problem? Did you try *[0-9][0-9].* or *0+.* (and so on - you may need to escape the '+') or similar? Note that in the real world, this method of blocking is virtually useless. Please re-read the 'hosts_access'(5) man page, and pay attention to the logic of 'permitted' and 'blocked', and the fact that if not permitted in /etc/hosts.allow, AND not specifically blocked in /etc/hosts.deny, then the connection is allowed. You may find it easier to implement this bizarre logic in any standard firewall, but it's totally dependent on the DNS PTR records, and thus probably doomed to failure.

Old guy
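As an added example (not from the thread or from the tcp_wrappers sources), here is a small Python model of the hosts_access(5) decision order the reply points at, fed the poster's rules as constructed hosts.allow/hosts.deny text. It assumes the Linux shell-style `*`/`?` wildcards are the only pattern metacharacters, and it leaves out EXCEPT lists and net/mask patterns.

```python
import re

def pattern_matches(pattern: str, name: str) -> bool:
    """One hosts_access client/daemon pattern against one name (case-insensitive)."""
    pattern, name = pattern.lower(), name.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):           # ".example.com": domain suffix match
        return name.endswith(pattern)
    if pattern.endswith("."):             # "10.1.": address prefix match
        return name.startswith(pattern)
    if "*" in pattern or "?" in pattern:
        # Assumption: shell-style wildcards where '*' and '?' are the only metacharacters.
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
        return re.fullmatch(rx, name) is not None
    return name == pattern                # anything else is an exact match

def parse_rules(text: str):
    """'daemon_list : client_list' lines; comments stripped, EXCEPT not modelled."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (re.split(r"[\s,]+", p.strip()) for p in line.split(":", 1))
        rules.append((daemons, clients))
    return rules

def file_matches(text: str, daemon: str, client: str) -> bool:
    return any(any(pattern_matches(d, daemon) for d in ds)
               and any(pattern_matches(c, client) for c in cs)
               for ds, cs in parse_rules(text))

def access_decision(allow_text: str, deny_text: str, daemon: str, client: str) -> str:
    """hosts.allow is consulted first, then hosts.deny; no match at all means access."""
    if file_matches(allow_text, daemon, client):
        return "allow"
    if file_matches(deny_text, daemon, client):
        return "deny"
    return "allow"

def third_label_has_two_digits(name: str) -> bool:
    """The poster's actual goal, as a regex over the third-level label only."""
    labels = name.rstrip(".").split(".")
    return len(labels) >= 3 and len(re.findall(r"\d", labels[-3])) >= 2

# Constructed sample files: the poster's rules plus one allow-list entry.
HOSTS_ALLOW = "ALL: .trusted.example.com\n"
HOSTS_DENY = "ALL: *0*.*.com\nALL: *1*.*.com\n"
```

Running it shows `*0*.*.com` denying a single-digit name such as `x0.example.com`, while any name under the hosts.allow suffix is admitted regardless of what hosts.deny says.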