From owner-freebsd-ipfw@FreeBSD.ORG Mon Aug 25 16:54:30 2003
Date: Mon, 25 Aug 2003 23:54:26 +0000
From: Philip Reynolds
To: freebsd-ipfw@freebsd.org
Subject: Re: hostnames resolving problem
Message-ID: <20030825235426.GA74887@rfc-networks.ie>
References: <20030822200153.V84903-100000@gateway.posi.net> <3F47C30C.8070102@fork.pl>
In-Reply-To: <3F47C30C.8070102@fork.pl>

Marcin Gryszkalis 33 lines of wisdom included:
> On 2003-08-23 05:11, Kelly Yancey wrote:
> > The name resolution feature is already questionable: if the DNS mapping
> > changes, should the firewall rule somehow be magically updated? I mean,
> > you *did* ask for packets to be allowed to smtp.o2.pl didn't you?
> I understand the point of view that it's questionable, but - as it *is*
> implemented, it's just inconsistent. Relation between hosts and IPs
> is treated as 1-to-1 where it's 1-to-many.
>
> I know I can just write
>
> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup
>
> or something similar instead of changing ipfw code. But that's just my
> opinion - that command interface is inconsistent.

Perhaps where more than one host is returned, the user should
receive a warning?

Regards,
-- 
Philip Reynolds                      | RFC Networks Ltd.
philip.reynolds@rfc-networks.ie      | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil  | www.rfc-networks.ie
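
The warning suggested above, combined with the quoted `host | cut | paste` workaround, as an added example that is not part of the original thread and is not ipfw's own behaviour. The function names, the `allow` action, the `IPFW` variable and the sample `host` output are assumptions constructed for illustration; the script prints the rule instead of loading it.

```shell
#!/bin/sh
# Added example: parse `host` output, warn on a 1-to-many mapping, and build
# one rule that covers every address. Nothing here touches the firewall.

# Constructed sample of `host` output (documentation addresses, fake name).
SAMPLE_HOST_OUTPUT='smtp.example.test has address 192.0.2.10
smtp.example.test has address 192.0.2.11
smtp.example.test has address 192.0.2.10
smtp.example.test has IPv6 address 2001:db8::25
smtp.example.test mail is handled by 10 mx.example.test.'

# Read `host` output on stdin and print the unique IPv4 addresses, comma-joined.
# Returns 1 when nothing usable resolved, so a failed lookup never yields a
# rule with an empty destination. Warns on stderr when the name maps to many.
addrs_from_host_output() {
    name=$1
    list=$(awk '$2 == "has" && $3 == "address" &&
                $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$4]++ { print $4 }' |
           paste -s -d, -)
    if [ -z "$list" ]; then
        echo "error: $name did not resolve to an IPv4 address" >&2
        return 1
    fi
    case $list in
        *,*) echo "warning: $name resolves to more than one address: $list" >&2 ;;
    esac
    printf '%s\n' "$list"
}

# Print (do not run) the rule. "allow" and the default ipfw path are assumptions.
build_rule() {
    ips=$(addrs_from_host_output "$1") || return 1
    printf '%s add allow tcp from any to %s setup\n' "${IPFW:-/sbin/ipfw}" "$ips"
}

# Demo on the constructed sample; live use: host NAME | build_rule NAME
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | build_rule smtp.example.test
```

The addresses are fixed at the moment the rule is built, so a later DNS change is only picked up by re-running the script and replacing the rule.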