Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Aug 2003 23:54:26 +0000
From:      Philip Reynolds <philip.reynolds@rfc-networks.ie>
To:        freebsd-ipfw@freebsd.org
Subject:   Re: hostnames resolving problem
Message-ID:  <20030825235426.GA74887@rfc-networks.ie>
In-Reply-To: <3F47C30C.8070102@fork.pl>
References:  <20030822200153.V84903-100000@gateway.posi.net> <3F47C30C.8070102@fork.pl>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Marcin Gryszkalis <mg@fork.pl> 33 lines of wisdom included:
> On 2003-08-23 05:11, Kelly Yancey wrote:
> >  The name resolution feature is already questionable: if the DNS mapping
> >changes, should the firewall rule somehow be magically updated?  I mean, 
> >you
> >*did* ask for packets to be allowed to smtp.o2.pl didn't you?
> I understand the point of view that it's questionable, but - as it *is*
> implemented, it's just inconsistent. Relation between hosts and ips
> is treated as 1-to-1 where it's 1-to-many.
> 
> I know I can just write
> 
> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup
> 
> or something similar instead of changing ipfw code. But that's my just 
> opinion
>  - that command interface is inconsistent.

Perhaps where more than one host is returned, the user should
receive a warning?

Regards,
-- 
Philip Reynolds                      | RFC Networks Ltd.
philip.reynolds@rfc-networks.ie      | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil  | www.rfc-networks.ie



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20030825235426.GA74887>