Date: 24 Aug 2003 14:11:07 +0200 From: "Clemens Fischer" <ino-qc@spotteswoode.de.eu.org> To: "Marcin Gryszkalis" <mg@fork.pl> Cc: Kelly Yancey <kbyanc@posi.net> Subject: Re: hostnames resolving problem Message-ID: <1xvbjlwk.fsf@ID-23066.news.dfncis.de> In-Reply-To: <3F47C30C.8070102@fork.pl> (Marcin Gryszkalis's message of "Sat, 23 Aug 2003 21:39:56 %2B0200") References: <20030822200153.V84903-100000@gateway.posi.net> <3F47C30C.8070102@fork.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
* Marcin Gryszkalis:
> On 2003-08-23 05:11, Kelly Yancey wrote:
>> The name resolution feature is already questionable: if the DNS
>> mapping changes, should the firewall rule somehow be magically
>> updated?
i agree.
> I understand the point of view that it's questionable, but - as it
> *is* implemented, it's just inconsistent. Relation between hosts and
> ips is treated as 1-to-1 where it's 1-to-many.
> But that's my just opinion - that command interface is inconsistent.
... and with eg. HTTP hosts the relation can also be many-to-1. with
the genral case beeing many-to-many, i'd vote for an update to the
manual page stating the "deficiency", especially with your nice
workaround:
> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup
clemens
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1xvbjlwk.fsf>