pattern matching in hosts.deny - Setup
-
pattern matching in hosts.deny
I want to block any hosts that have at least two numeric numbers at the
3rd level of their host names, i.e., 181-8cc.xxx.com. Right now I have
something like
all: *0*.*.com
all: *1*.*.com and so forth...
but this will catch hosts with only one numeric number in its name, too.
I'm wondering if it is possible to specify at least 2 numbers for a match,
and if so, how? Thanks.
-
Re: pattern matching in hosts.deny
On Thu, 25 Oct 2007, in the Usenet newsgroup comp.os.linux.setup,
dayday@daydayday.info wrote:
>I want to block any hosts that have at least two numeric numbers at
>the 3rd level of their host names, I.E., 181-8cc.xxx.com.
Understand that trying to block by _names_ is subject to DNS spoofing,
and doesn't work when the id10t who is running the DNS server fails
to configure PTR records for all systems.
>right now i have something like
>all: *0*.*.com
>all: *1*.*.com and so forth...
>
>but this will catch hosts with only one numeric number in its name, too.
By classic 'regular expressions' - that is what you told it to do. The
'*0*' means "contains _A_ zero followed by none or more of the same
character" - so xxx0 is OK, as is xxx00, xxx000, xxx0000, and so on.
>i'm wondering if it is possible to specify at least 2 numbers for a match,
>and if so, how? thanks.
Why does this sound like a homework problem? Did you try *[0-9][0-9].*
or *0+.* (and so on - you may need to escape the '+') or similar?
Note that in the real world, this method of blocking is virtually useless.
Please re-read the 'hosts_access'(5) man page, and pay attention to the
logic of 'permitted' and 'blocked', and the fact that if not permitted
in /etc/hosts.allow, AND not specifically blocked in /etc/hosts.deny,
then the connection is allowed.
You may find it easier to implement this bizarre logic in any standard
firewall, but it's totally dependent on the DNS PTR records, and thus
probably doomed to failure.
Old guy
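
The reply's two caveats about name-based rules (a missing PTR record leaves nothing to match, and a PTR name is whatever the owner of the reverse zone says it is) can be checked before the "two digits in the 3rd-level label" test is trusted. The following is an added example, not part of the original thread: the function names, the verdict strings and the lookup tables are assumptions, and the addresses and names are constructed sample data.

```python
import re

TWO_DIGITS = re.compile(r"[0-9].*[0-9]")  # at least two digits within one label

def third_level_has_two_digits(hostname):
    """True if the third label from the right (181-8cc in 181-8cc.xxx.com)
    contains at least two digits."""
    labels = hostname.rstrip(".").lower().split(".")
    return len(labels) >= 3 and bool(TWO_DIGITS.search(labels[-3]))

def classify(ip, reverse, forward):
    """Say what a name-based rule can conclude about a client address.

    reverse(ip) returns the PTR name or None; forward(name) returns the list
    of addresses the name resolves to. Both are passed in so the logic runs
    offline against the constructed tables below.
    """
    name = reverse(ip)
    if not name:
        return "no-ptr"        # no name exists, so no name pattern can match
    if ip not in forward(name):
        return "unverified"    # PTR name is not confirmed by a forward lookup
    return "match" if third_level_has_two_digits(name) else "no-match"

# Constructed sample data (documentation address range, example.com names).
PTR = {
    "192.0.2.10": "181-8cc.example.com",  # two or more digits, forward-confirmed
    "192.0.2.11": "host7.example.com",    # only one digit
    "192.0.2.13": "www.example.com",      # PTR claims a name that points elsewhere
}                                         # 192.0.2.12 has no PTR record at all
A = {
    "181-8cc.example.com": ["192.0.2.10"],
    "host7.example.com": ["192.0.2.11"],
    "www.example.com": ["192.0.2.80"],
}

def demo():
    """Classify each sample client address."""
    ips = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    return {ip: classify(ip, PTR.get, lambda n: A.get(n, [])) for ip in ips}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(ip, verdict)
```

Only the "match" verdict is a case where the name test says anything reliable; "no-ptr" and "unverified" clients pass or fail a name pattern for reasons unrelated to the digits in their names.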