Date: Sat, 23 Aug 2003 21:39:56 +0200
From: Marcin Gryszkalis <mg@fork.pl>
To: Kelly Yancey <kbyanc@posi.net>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: hostnames resolving problem
Message-ID: <3F47C30C.8070102@fork.pl>
In-Reply-To: <20030822200153.V84903-100000@gateway.posi.net>
References: <20030822200153.V84903-100000@gateway.posi.net>

On 2003-08-23 05:11, Kelly Yancey wrote:

> The name resolution feature is already questionable: if the DNS mapping
> changes, should the firewall rule somehow be magically updated? I mean, you
> *did* ask for packets to be allowed to smtp.o2.pl didn't you?

I understand the point of view that it's questionable, but - as it *is*
implemented, it's just inconsistent. Relation between hosts and IPs is
treated as 1-to-1 where it's 1-to-many.

I know I can just write

    ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
    ${ipfw} add allow tcp from any to ${ip} setup

or something similar instead of changing ipfw code. But that's just my
opinion - that command interface is inconsistent.

> The feature you are requesting would reinforce the notion that a name is
> being used as the identifier for the host(s), when in fact it is not. For
> example, what if the Akamai's servers are authoritative for the domain: you
> might get a different set of hosts depending on where the box was sitting.

That's right - but again - it's not the point.

-- 
Marcin Gryszkalis
http://fork.pl
<><
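
The 1-to-many workaround from the message above, as an added example that is not part of the original e-mail or of ipfw: it keeps only validated IPv4 addresses from host(1) output before they reach a firewall rule, and emits no rule when nothing usable resolves. The function names addr_list and rule_for, the host smtp.example.org and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers): turn host(1) output into an ipfw
# address list. Taking field 4 of every line, as a plain cut(1) does, would
# pass the word "alias" from an alias line into the rule.

# Read host(1)-style output on stdin; print a sorted, de-duplicated,
# comma-separated list of the IPv4 addresses found on "has address" lines.
addr_list() {
    awk '
        # Alias, MX and IPv6 lines carry other words in fields 2 and 3.
        $2 == "has" && $3 == "address" && NF == 4 {
            n = split($4, o, ".")
            ok = (n == 4)
            # Each octet: decimal, no leading zero, at most 255.
            for (i = 1; i <= 4 && ok; i++)
                if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255)
                    ok = 0
            if (ok) print $4
        }' | LC_ALL=C sort -u | paste -s -d, -
}

# Print (not run) the ipfw command for the addresses read on stdin.
# Fails instead of emitting a rule with an empty destination.
rule_for() {
    list=$(addr_list)
    [ -n "$list" ] || { echo "no usable A records" >&2; return 1; }
    echo "ipfw add allow tcp from any to $list setup"
}

# Constructed sample of host(1) output (documentation addresses, not real DNS
# data): an alias line, a duplicate, an invalid octet, IPv6 and MX lines.
SAMPLE='smtp.example.org is an alias for mx.example.org.
mx.example.org has address 192.0.2.11
mx.example.org has address 192.0.2.10
mx.example.org has address 192.0.2.10
mx.example.org has address 999.1.1.1
mx.example.org has IPv6 address 2001:db8::25
mx.example.org mail is handled by 10 relay.example.org.'

printf '%s\n' "$SAMPLE" | rule_for
```

The rule is still a snapshot of the DNS answer at the moment it was generated, which is the concern raised in the quoted text; regenerating it on a schedule is left to the operator.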