Here's the situation. I run a low traffic family history/genealogy website on my local box. My "customers" are family members who access the site from their home machines, all of which - so far as I can tell - use dynamic ip addresses.
My current firewall policy is "accept all", with daily additions to my bad guys (block) list. It's becoming tiresome, however, and I'd like to change policy to "deny all" while still allowing my present "customers" and any future additions relative ease of access. I'm fairly comfortable with IPFW config but am not clever enough to be able to figure out how to accommodate dynamic addresses in a "deny all" policy. How do I do this without accepting all addresses in a block (e.g., all rgv.rr.com)? It'd be great if I could just specify an address as email@example.com, but IPFW seems to insist on numeric ip-addresses.
Thanksin advance for any help; dope slaps, gratuitous insults cheerfully accepted as well.
Stumped Ol' Bob