Skip site navigation (1)Skip section navigation (2)
Date:      24 Aug 2003 14:11:07 +0200
From:      "Clemens Fischer" <>
To:        "Marcin Gryszkalis" <>
Cc:        Kelly Yancey <>
Subject:   Re: hostnames resolving problem
Message-ID:  <>
In-Reply-To: <> (Marcin Gryszkalis's message of "Sat, 23 Aug 2003 21:39:56 +0200")
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
* Marcin Gryszkalis:

> On 2003-08-23 05:11, Kelly Yancey wrote:
>>   The name resolution feature is already questionable: if the DNS
>> mapping changes, should the firewall rule somehow be magically
>> updated?

i agree.

> I understand the point of view that it's questionable, but - as it
> *is* implemented, it's just inconsistent. Relation between hosts and
> ips is treated as 1-to-1 where it's 1-to-many.

> But that's my just opinion - that command interface is inconsistent.

... and with eg. HTTP hosts the relation can also be many-to-1.  with
the genral case beeing many-to-many, i'd vote for an update to the
manual page stating the "deficiency", especially with your nice

> ip=`host | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup


Want to link to this message? Use this URL: <>