Date:      24 Aug 2003 14:11:07 +0200
From:      "Clemens Fischer" <ino-qc@spotteswoode.de.eu.org>
To:        "Marcin Gryszkalis" <mg@fork.pl>
Cc:        Kelly Yancey <kbyanc@posi.net>
Subject:   Re: hostnames resolving problem
Message-ID:  <1xvbjlwk.fsf@ID-23066.news.dfncis.de>
In-Reply-To: <3F47C30C.8070102@fork.pl> (Marcin Gryszkalis's message of "Sat, 23 Aug 2003 21:39:56 +0200")
References:  <20030822200153.V84903-100000@gateway.posi.net> <3F47C30C.8070102@fork.pl>

* Marcin Gryszkalis:

> On 2003-08-23 05:11, Kelly Yancey wrote:
>>   The name resolution feature is already questionable: if the DNS
>> mapping changes, should the firewall rule somehow be magically
>> updated?

i agree.

> I understand the point of view that it's questionable, but - as it
> *is* implemented, it's just inconsistent. Relation between hosts and
> ips is treated as 1-to-1 where it's 1-to-many.

> But that's just my opinion - that command interface is inconsistent.

... and with e.g. HTTP hosts the relation can also be many-to-1.  with
the general case being many-to-many, i'd vote for an update to the
manual page stating the "deficiency", especially with your nice
workaround:

> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup

  clemens
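
The workaround quoted above takes the fourth field of every line `host` prints, so alias, IPv6 and MX lines would put words such as "alias" or "handled" into the address list. As an added example (not part of the original message), this variant keeps only validated, de-duplicated IPv4 addresses from "has address" lines and fails when none are found; the function names and the sample output are constructed, and the `host` output format shown is an assumption.

```shell
#!/bin/sh
# Added example, not from the original thread.

# addrs_from_host_output: reads `host NAME` output on stdin and prints the
# unique IPv4 addresses joined by commas. Exits non-zero if there are none,
# so a caller never builds a rule with an empty or bogus destination.
addrs_from_host_output() {
    awk '
        $2 == "has" && $3 == "address" {
            n = split($4, o, ".")
            ok = (n == 4 && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            # Reject octets above 255 (e.g. 999.1.1.1).
            for (i = 1; ok && i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok && !seen[$4]++) list = (list == "" ? $4 : list "," $4)
        }
        END { if (list == "") exit 1; print list }
    '
}

# Constructed sample of `host` output (documentation-range addresses).
sample_host_output() {
    cat <<'EOF'
mail.example.test is an alias for mx.example.test.
mx.example.test has address 192.0.2.10
mx.example.test has address 192.0.2.11
mx.example.test has address 192.0.2.10
mx.example.test has IPv6 address 2001:db8::10
mx.example.test mail is handled by 10 mx.example.test.
EOF
}

# Offline demonstration on the constructed sample.
sample_host_output | addrs_from_host_output

# Use with the rule from the thread (resolved once, when the rule is added):
#   ip=$(host smtp.o2.pl | addrs_from_host_output) &&
#       ${ipfw} add tcp from any to ${ip} setup
```

The list is still a snapshot taken when the rule is added, so the point raised in the thread stands: a later DNS change is not reflected until the rule is rebuilt.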


