ipfw and hostnames

Petri Helenius pete at he.iki.fi
Sun Jun 1 23:51:14 PDT 2003


>
> If your firewall needs to perform *any* DNS queries, what happens if the DNS
> server(s) are down or unreachable when the firewall tries to restart?  Does it
> fail in a way that you are happy with?
>
That's another defect in the ipfw client utility, it stops processing rules if
it fails to lookup something. There should at least be a switch to allow
it to continue and ignore the lines it cannot do.

And in case you were wondering, I don't believe in perimeter security,
so we run packet filters on all machines, not just on something some people
call the magic-security-device-on-the-border alias "firewall".

Pete
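
The failure mode discussed in this message can also be handled outside ipfw by resolving names before the ruleset is loaded. The following is an added example, not part of the original post and not FreeBSD code: `resolve_host`, `filter_rules`, the use of getent(1) and the exit-status policy are assumptions made for illustration. It only recognises names that follow `from` or `to` and contain a letter, and it treats an unresolvable blocking rule as a reason not to load the result, since dropping a deny line silently would widen access.

```shell
#!/bin/sh
# Added example (not from the original post): strip DNS lookups out of an
# ipfw ruleset before it is loaded, so one dead name cannot stop the load.

# Assumption: getent(1) is the resolver front end. Prints one address,
# returns non-zero when the name does not resolve.
resolve_host() {
    getent hosts "$1" | awk 'NR == 1 { print $1; ok = 1 } END { exit !ok }'
}

# Reads rules on stdin, writes a ruleset with names replaced by addresses.
# Returns 0 = all names resolved, 1 = permitting rules were skipped,
# 2 = a blocking rule was skipped (loading the output would widen access).
filter_rules() {
    status=0
    while IFS= read -r line; do
        case $line in ''|'#'*) printf '%s\n' "$line"; continue ;; esac
        out='' after_kw=0 failed=''
        set -f                          # no globbing while splitting the rule
        for tok in $line; do
            if [ "$after_kw" = 1 ]; then
                case $tok in
                    not) out="$out $tok"; continue ;;   # address follows
                    any|me|*:*|*"("*) ;;                # keyword, IPv6, table(n)
                    *[A-Za-z]*)                         # looks like a hostname
                        if addr=$(resolve_host "$tok"); then tok=$addr
                        else failed=$tok; fi ;;
                esac
            fi
            case $tok in from|to) after_kw=1 ;; *) after_kw=0 ;; esac
            out="$out $tok"
        done
        set +f
        if [ -z "$failed" ]; then
            printf '%s\n' "${out# }"
            continue
        fi
        printf '# UNRESOLVED %s\n' "$line"
        case " $line " in
            *" deny "*|*" drop "*|*" reject "*|*" unreach "*)
                echo "blocking rule lost ($failed): $line" >&2; status=2 ;;
            *)  echo "rule skipped ($failed): $line" >&2
                [ "$status" = 2 ] || status=1 ;;
        esac
    done
    return "$status"
}
```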


