hostnames resolving problem
Philip Reynolds
philip.reynolds at rfc-networks.ie
Mon Aug 25 16:54:30 PDT 2003
Marcin Gryszkalis <mg at fork.pl> 33 lines of wisdom included:
> On 2003-08-23 05:11, Kelly Yancey wrote:
> > The name resolution feature is already questionable: if the DNS mapping
> >changes, should the firewall rule somehow be magically updated? I mean,
> >you
> >*did* ask for packets to be allowed to smtp.o2.pl didn't you?
> I understand the point of view that it's questionable, but - as it *is*
> implemented, it's just inconsistent. Relation between hosts and ips
> is treated as 1-to-1 where it's 1-to-many.
>
> I know I can just write
>
> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup
>
> or something similar instead of changing ipfw code. But that's my just
> opinion
> - that command interface is inconsistent.
Perhaps where more than one host is returned, the user should
receive a warning?
Regards,
--
Philip Reynolds | RFC Networks Ltd.
philip.reynolds at rfc-networks.ie | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil | www.rfc-networks.ie
More information about the freebsd-ipfw
mailing list