From owner-freebsd-questions Sat May 16 23:58:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA13938 for freebsd-questions-outgoing; Sat, 16 May 1998 23:58:24 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from dc1.mfn.org (dc1.mfn.org [204.238.179.1]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id XAA13924 for ; Sat, 16 May 1998 23:58:15 -0700 (PDT) (envelope-from sysadmin@mfn.org) Received: from w3svcs.mfn.org (unverified [204.238.179.11]) by mail.mfn.org (EMWAC SMTPRS 0.83) with SMTP id ; Sun, 17 May 1998 02:00:26 -0500 Received: by w3svcs.mfn.org with Microsoft Mail id <01BD8137.31C217F0@w3svcs.mfn.org>; Sun, 17 May 1998 01:57:49 -0500 Message-ID: <01BD8137.31C217F0@w3svcs.mfn.org> From: "J.A. Terranson" To: Restricted Use Test Acct , "'Julian Elischer'" Cc: "freebsd-questions@FreeBSD.ORG" Subject: RE: IPFW using DNS lookup? Date: Sun, 17 May 1998 01:57:48 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I understand and acknowledge the point, but there are *many* of us with redundant connections. I would trust some of my lookups from certain servers a LOT more than others. Either way, it *is* a valid point which is both well-taken and definitive (I guess) for my question... Thanks! J.A. Terranson sysadmin@mfn.org so that if someone can subvert your DNS your filewall is compromised? > > Is there any way to get ipfw to lookup a DNS entry so that I can: > > ipfw add 3000 allow udp from archie.cs.mcgill.ca 1023-65535..... > > or do I have to do this: > > ipfw add 3000 allow udp from 132.206.51.250...... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message