[Bug 74610] Hostname resolution failure causes firewall rules to stop loading
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Nov 6 11:33:50 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=74610
Eugene Grosbein <eugen at freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Assignee|freebsd-bugs at FreeBSD.org |eugen at freebsd.org
CC| |eugen at freebsd.org
Status|In Progress |Closed
Resolution|--- |Works As Intended
--- Comment #4 from Eugene Grosbein <eugen at freebsd.org> ---
DNS service is started way later that firewall configuration happens, so it is
error of administrator to rely on it in the ipfw ruleset processed at boot
time.
There are several ways to make it right, though:
- for simple cases, just add an IP address to /etc/hosts;
- for more correct behaviour, use ipfw table instead of direct FQDN usage:
ipfw table 1 create type addr
ipfw add allow ip from 'table(1)' to any
Then create rcNG startup script requiring "named" service (or local_unbound
etc.) that would populate table with all addresses of needed FQDN later when
DNS resolution service is running.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list