I don't think you can really. Some things like svn for Google code might be static but most of their stuff is load balanced (rr, geo, or something else entirely).
I have this issue lots since I have a default deny for everything but http. You'll also have issues doing this for DNS (if you run a caching server) and whois. pool.ntp.org is ok too.
Basically, log stuff and allow as needed if the scope isn't too time consuming. Otherwise, choose whether you'd prefer to do without or allow 0.0.0.0/0 for some things. You might also look at making protocol specific rules with bro.
HTH
I don't need it. I want to create a white list for the firewall. I need the outgoing IPs of google, opendns etc.
For example google dns ip is 8.8.8.8 but outgoing ip is 8.8.8.0/24
Yurdum Yazılım
staticsafe <me@staticsafe.ca> wrote:
>On Sun, Jul 14, 2013 at 12:10:48AM +0300, M.Atıf CEYLAN wrote:
>> Hi all,
>> How can I learn big servers Ip addresses when outgoing for dns.(google dns or others). I could not find any list on their web sites.
>>
>> Yurdum Yazılım
>
>You want to do DNS lookups? You need the `dig` utility from the dnsutils
>package.
>
>`dig google.com`
>--
>staticsafe
>O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
>Please don't top post.
>Please don't CC! I'm subscribed to whatever list I just posted on.
>
>
>--
>To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>Archive: [🔎] 20130713212235.GC17957@uriel.asininetech.com" target="_blank">http://lists.debian.org/[🔎] 20130713212235.GC17957@uriel.asininetech.com
>