From: Adrian Chadd
To: jhell
Cc: freebsd-current@freebsd.org, Luigi Rizzo, Anderson Eduardo
Subject: Re: Using ipfw table names instead of numbers.
Date: Mon, 6 Sep 2010 14:47:06 +0800

I'd argue that "DNS" clue pushes the firewall out from a packet
inspection thing and into a user-space application inspection thing.

DNS entries in filter rules don't work as well in all situations as
you'd like. :)

Adrian
(who has done this, and it doesn't quite work right in all situations
thanks to split-horizon, per-user, geo-location, server-balancing
DNS..)

On 6 September 2010 08:31, jhell wrote:
> On 09/05/2010 11:53, Luigi Rizzo wrote:
>> whereas one might want a more dynamic behaviour (e.g. refresh
>> whenever the DNS response expires).
>
> Lord that would be nice! If only PF had this ;)
>
> --
>
>  jhell,v