hostnames resolving problem
Marcin Gryszkalis
mg at fork.pl
Sat Aug 23 12:57:50 PDT 2003
On 2003-08-23 05:11, Kelly Yancey wrote:
> The name resolution feature is already questionable: if the DNS mapping
> changes, should the firewall rule somehow be magically updated? I mean, you
> *did* ask for packets to be allowed to smtp.o2.pl didn't you?

I understand the point of view that it's questionable, but - as it *is*
implemented, it's just inconsistent. The relation between hosts and IPs
is treated as 1-to-1 where it's 1-to-many.
I know I can just write

    ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
    ${ipfw} add allow tcp from any to ${ip} setup

or something similar instead of changing ipfw code. But that's just my opinion
- that the command interface is inconsistent.

> The feature you are requesting would reinforce the notion that a name is
> being used as the identifier for the host(s), when in fact it is not. For
> example, what if Akamai's servers are authoritative for the domain: you
> might get a different set of hosts depending on where the box was sitting.

That's right - but again - it's not the point.
--
Marcin Gryszkalis
http://fork.pl
<><
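
Added example, not part of the original message or of ipfw: a stricter form of the workaround above that keeps only the IPv4 "has address" lines of `host` output, validates and de-duplicates them, and refuses to build a rule when nothing usable came back. The function names, the sample hostname and the sample addresses are constructed for illustration; the rule is printed rather than installed, and it reflects DNS only as of the moment it was resolved.

```shell
#!/bin/sh
# addrs_from_host: read `host NAME` output on stdin and print a
# comma-separated list of its IPv4 addresses; exit 1 if there are none.
addrs_from_host() {
    awk '
        # Only "NAME has address A.B.C.D"; MX, alias and IPv6 lines are skipped.
        $2 == "has" && $3 == "address" && NF == 4 {
            n = split($4, o, ".")
            ok = (n == 4)
            for (i = 1; i <= n; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) ok = 0
            # Keep each valid address once, in the order the resolver gave it.
            if (ok && !seen[$4]++) list = list (list == "" ? "" : ",") $4
        }
        END { if (list == "") exit 1; print list }
    '
}

# build_rule NAME: read `host NAME` output on stdin and print one ipfw rule
# covering every address. Fails closed: no addresses, no rule.
build_rule() {
    ips=$(addrs_from_host) || { echo "no usable A records for $1" >&2; return 1; }
    echo "ipfw add allow tcp from any to ${ips} setup"
}

# Constructed sample of `host` output (documentation addresses, not real data).
sample='mail.example.test has address 192.0.2.10
mail.example.test has address 192.0.2.11
mail.example.test has address 192.0.2.10
mail.example.test has IPv6 address 2001:db8::1
mail.example.test mail is handled by 10 mx.example.test.'

printf '%s\n' "$sample" | build_rule mail.example.test
```

On a live system the input would come from `host NAME | build_rule NAME`, and the printed command would be reviewed before being run.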