hostnames resolving problem

Kelly Yancey kbyanc at posi.net
Sun Sep 7 16:50:10 PDT 2003


On 2 Sep 2003, Clemens Fischer wrote:

> * Kelly Yancey:
>
> > On 30 Aug 2003, Clemens Fischer wrote:
> >
> >> that would not be my cup of tea, because by this ipfw(8) becomes
> >> "unscriptable", ie. i'd have to grep(1) for messages and start from
> >> scratch again.  i guess this problem should be detected and handled
> >> ahead of running ipfw(8).  note that you can always use `-p
> >> preprocessor' for this.
> >
> >   No you don't, it just warns, not exits.  You'll get warnings
> > telling you that what you are doing is a Bad Idea, but you can send
> > them to /dev/null if you don't care.
>
> i know, but this doesn't put me at ease.  since hosts can choose to
> implement DNS round-robin any time, this might not only be a bad idea,
> it might well be plain wrong, and i wouldn't even know.  the patch
> should error-exit IMO, or people who need this feature should dream up
> their own m4 macros to handle this "feature".
>
>   clemens
>

  And they can add new IPs to the existing name after you run your macros, how
is it different?  Hence the warning.  I don't really care one way or the
other, I don't abuse the DNS resolution misfeature of ipfw; adding the
warnings would at least alert people to potential foot-shooting, since
preventing it would mean removing the "feature".  Arguably, the warning should
be expanded to any use of names in rules.

  Kelly

--
Kelly Yancey -- kbyanc@{posi.net,FreeBSD.org}
Visit the BSD driver database: http://www.posi.net/freebsd/drivers/
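
The check discussed in this thread, detecting hostnames in a ruleset before ipfw(8) ever sees them, can be sketched as follows. This is an added example, not part of the original messages or of ipfw: the function names are hypothetical, the rule parsing is deliberately simplified (only the token after `from`/`to`), and the sample rules and DNS answers are constructed.

```python
import ipaddress
import socket

KEYWORDS = {"any", "me", "me6"}

def is_literal(tok):
    """True for ipfw keywords, table() references and numeric addresses/networks."""
    if tok in KEYWORDS or tok.startswith("table("):
        return True
    for candidate in (tok, tok.split(":")[0]):  # second form covers addr:mask
        try:
            ipaddress.ip_network(candidate, strict=False)
            return True
        except ValueError:
            pass
    return False

def dns_lookup(name):
    """Default resolver: every address the name maps to at this moment."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def find_names(rules_text, resolver=dns_lookup):
    """Return (line_no, name, addresses) for each hostname used after from/to."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tokens = line.split("#")[0].split()      # drop trailing comments
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ("from", "to"):
                continue
            j = i + 2 if tokens[i + 1] == "not" else i + 1
            if j >= len(tokens):
                continue
            for part in tokens[j].split(","):
                if part and not is_literal(part):
                    findings.append((line_no, part, resolver(part)))
    return findings

def must_abort(findings, any_name=False):
    """Fail on names without exactly one address; any_name=True fails on every name."""
    return any(any_name or len(addrs) != 1 for _, _, addrs in findings)

# Constructed sample input; .test names never resolve on the real Internet.
SAMPLE_RULES = """add 100 allow tcp from any to www.example.test 80
add 200 allow ip from 192.0.2.0/24 to me
add 300 deny ip from not mail.example.test to any  # single A record"""
FAKE_DNS = {"www.example.test": ["192.0.2.10", "192.0.2.11"],
            "mail.example.test": ["198.51.100.5"]}

if __name__ == "__main__":
    for finding in find_names(SAMPLE_RULES, lambda n: FAKE_DNS.get(n, [])):
        print(finding)
```

A wrapper script can exit non-zero when `must_abort` is true and only then skip loading the ruleset; as the reply above notes, the result is a snapshot, so a name can still gain addresses after the check has run.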



More information about the freebsd-ipfw mailing list