When a domain name shows up it should possibly be added to the resulting RPZ. This decision depends on what data we have on this name in other available sources.
Grey names: Typically we want to correlate a new grey name to other grey data and then filter the result against any white data. Black lists not involved.
Black names: only filter against white data.
White names: these are interesting. Should it be possible to send a single white name as "intel" with the expectation that this would clean out that name from the output RPZ plus add the name to a local whitelist? Yes, I think that's reasonable.
RPZ whitelist source: suck it in, parse contents and toss anything that isn't "rpz-passthru". Store rest in a reasonably efficient data structure (e.g. a map[string]bool).
RPZ blacklist: suck it in, parse contents and send any "rpz-passthru." actions to the local in-memory whitelist. Everything else goes into an in-memory blacklist (of just names, no actions).
RPZ greylist: suck it in, parse it. Send all "rpz-passthru." actions into the in-memory whitelist. Send everything else (just names, not actions) into a local in-memory greylist for that source.
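
A sketch of the ingestion and filtering rules above, added as an example and not taken from the project's code. The `Lists` type, `Ingest`, `Block`, the `minGrey` correlation threshold and the sample zone text are all assumptions. It handles only CNAME records with owner names relative to the zone origin, and indexes grey data by name rather than keeping one set per source.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

type Lists struct {
	White, Black map[string]bool            // names only, no actions
	Grey         map[string]map[string]bool // name -> grey sources listing it
}

// Ingest reads simplified RPZ text ("owner [ttl] [IN] CNAME target"); kind is white, black or grey.
func (l *Lists) Ingest(kind, src, zone string) {
	sc := bufio.NewScanner(strings.NewReader(zone))
	for sc.Scan() {
		f := strings.Fields(strings.SplitN(sc.Text(), ";", 2)[0]) // drop comments
		if len(f) < 3 || !strings.EqualFold(f[len(f)-2], "CNAME") {
			continue // SOA, NS and non-CNAME records are skipped in this example
		}
		name := strings.ToLower(f[0])
		switch {
		case strings.EqualFold(f[len(f)-1], "rpz-passthru."):
			l.White[name] = true // passthru from any source feeds the whitelist
		case kind == "black":
			l.Black[name] = true
		case kind == "grey":
			if l.Grey[name] == nil {
				l.Grey[name] = map[string]bool{}
			}
			l.Grey[name][src] = true
		} // a white source's non-passthru records are tossed
	}
}

// Block: white filters everything; grey needs minGrey agreeing sources (assumed rule).
func (l *Lists) Block(name string, minGrey int) bool {
	return !l.White[name] && (l.Black[name] || len(l.Grey[name]) >= minGrey)
}

func main() { // constructed sample zones
	l := &Lists{White: map[string]bool{}, Black: map[string]bool{}, Grey: map[string]map[string]bool{}}
	l.Ingest("white", "w1", "good.example CNAME rpz-passthru.\ntossed.example CNAME .\n")
	l.Ingest("black", "b1", "bad.example CNAME .\nok.example CNAME rpz-passthru.\n")
	l.Ingest("grey", "g1", "odd.example CNAME .\n")
	l.Ingest("grey", "g2", "odd.example CNAME .\nok.example CNAME .\n")
	fmt.Println(l.Block("bad.example", 2), l.Block("odd.example", 2), l.Block("ok.example", 2))
}
```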