Date: Sun, 7 Sep 2003 16:50:07 -0700 (PDT) From: Kelly Yancey <kbyanc@posi.net> To: Clemens Fischer <ino-qc@spotteswoode.de.eu.org> Cc: luigi@FreeBSD.org Subject: Re: hostnames resolving problem Message-ID: <20030907164709.K35080-100000@gateway.posi.net> In-Reply-To: <bru3yxym.fsf@ID-23066.news.dfncis.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2 Sep 2003, Clemens Fischer wrote:
> * Kelly Yancey:
>
> > On 30 Aug 2003, Clemens Fischer wrote:
> >
> >> that would not be my cup of tea, because by this ipfw(8) becomes
> >> "unscriptable", ie. i'd have to grep(1) for messages and start from
> >> scratch again. i guess this problem should be detected and handled
> >> ahead of running ipfw(8). note that you can always use `-p
> >> preprocessor' for this.
> >
> > No you don't, it just warns, not exits. You'll get warnings
> > telling you that what you are doing is a Bad Idea, but you can send
> > them to /dev/null if you don't care.
>
> i know, but this doesn't put me at ease. since hosts can choose do
> implement DNS round-robin any time, this might not only be a bad idea,
> it might well be plain wrong, and i wouldn't even know. the patch
> should error-exit IMO, or people who need this feature should dream up
> their own m4 macros to handle this "feature".
>
> clemens
>
And they can add new IPs to the existing name after you run your macros, how
is it different? Hence the warning. I don't really care one way or the
other, I don't abuse the DNS resolution misfeature of ipfw; adding the
warnings would at least alert people to potential foot-shooting, since
preventing it would mean removing the "feature". Arguably, the warning should
be expanded to any use of names in rules.
Kelly
--
Kelly Yancey -- kbyanc@{posi.net,FreeBSD.org}
Visit the BSD driver database: http://www.posi.net/freebsd/drivers/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030907164709.K35080-100000>