Date: Sun, 7 Sep 2003 16:50:07 -0700 (PDT)
From: Kelly Yancey <kbyanc@posi.net>
To: Clemens Fischer <ino-qc@spotteswoode.de.eu.org>
Cc: luigi@FreeBSD.org
Subject: Re: hostnames resolving problem
Message-ID: <20030907164709.K35080-100000@gateway.posi.net>
In-Reply-To: <bru3yxym.fsf@ID-23066.news.dfncis.de>

On 2 Sep 2003, Clemens Fischer wrote:

> * Kelly Yancey:
>
> > On 30 Aug 2003, Clemens Fischer wrote:
> >
> >> that would not be my cup of tea, because by this ipfw(8) becomes
> >> "unscriptable", ie. i'd have to grep(1) for messages and start from
> >> scratch again.  i guess this problem should be detected and handled
> >> ahead of running ipfw(8).  note that you can always use `-p
> >> preprocessor' for this.
> >
> >   No you don't, it just warns, not exits.  You'll get warnings
> > telling you that what you are doing is a Bad Idea, but you can send
> > them to /dev/null if you don't care.
>
> i know, but this doesn't put me at ease.  since hosts can choose to
> implement DNS round-robin any time, this might not only be a bad idea,
> it might well be plain wrong, and i wouldn't even know.  the patch
> should error-exit IMO, or people who need this feature should dream up
> their own m4 macros to handle this "feature".
>
>   clemens
>

  And they can add new IPs to the existing name after you run your
macros, how is it different?  Hence the warning.  I don't really care
one way or the other, I don't abuse the DNS resolution misfeature of
ipfw; adding the warnings would at least alert people to potential
foot-shooting, since preventing it would mean removing the "feature".
  Arguably, the warning should be expanded to any use of names in rules.

  Kelly

--
Kelly Yancey  --  kbyanc@{posi.net,FreeBSD.org}
Visit the BSD driver database: http://www.posi.net/freebsd/drivers/
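
Added example, not part of the original message and not the patch under discussion: a pre-flight check of the kind the thread debates, listing every host name used as a source or destination in an ipfw rule file and marking names that currently resolve to more than one address. The function names, the simplified rule parsing (plain `from X to Y` forms only) and the sample rules and DNS answers are assumptions made for illustration; the result is only a snapshot, so it does not cover addresses added to a name after the check has run.

```python
import ipaddress
import socket

KEYWORDS = {"any", "me", "me6"}  # address words that are not host names

def is_literal(token):
    """True for an IP address or network (addr, addr/len, addr:mask)."""
    for candidate in (token, token.split(":")[0]):
        try:
            ipaddress.ip_network(candidate, strict=False)
            return True
        except ValueError:
            pass
    return False

def hostnames_in_rule(rule):
    """Host names after 'from'/'to'; text after '#' is assumed a comment."""
    words, names = [w for w in rule.split("#")[0].split() if w != "not"], []
    for i, word in enumerate(words[:-1]):
        if word in ("from", "to") and not words[i + 1].startswith("table("):
            names += [t for t in words[i + 1].split(",")
                      if t and t not in KEYWORDS and not is_literal(t)]
    return names

def resolve(name):
    """Distinct addresses the system resolver returns for name right now."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def audit(rules, resolver=resolve):
    """(line_no, name, addresses, status) for every host name in the rules."""
    findings = []
    for line_no, rule in enumerate(rules, 1):
        for name in hostnames_in_rule(rule):
            try:
                addrs = resolver(name)
            except OSError:  # resolver failure (socket.gaierror)
                addrs = []
            status = "multiple" if len(addrs) > 1 else "single" if addrs else "unresolved"
            findings.append((line_no, name, addrs, status))
    return findings

# Constructed sample rules and DNS answers (documentation address ranges).
SAMPLE_RULES = [
    "add 100 allow tcp from any to www.example.com 80",
    "add 200 allow tcp from 192.0.2.0/24 to me 22",
    "add 300 deny ip from not mail.example.net,198.51.100.7 to any",
]
SAMPLE_DNS = {"www.example.com": ["192.0.2.10", "192.0.2.11"], "mail.example.net": ["203.0.113.5"]}
```

Calling `audit(SAMPLE_RULES, lambda n: SAMPLE_DNS.get(n, []))` runs it offline against the constructed answers; with the default resolver it queries live DNS.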