From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
Date: Sun, 01 Jun 2003 14:44:29 -0400
To: Petri Helenius
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw and hostnames
List-Id: Networking and TCP/IP with FreeBSD

Petri Helenius wrote:
> How do I compile/load ipfw kld so that it has "default to accept" which seems to be
> required to allow hostnames to be used in firewall configuration loaded at boot time.
You are strongly advised to use IP addresses instead of hostnames in firewall rulesets, to avoid DNS spoofing attacks subverting your firewall. Ideally, your firewall should function without depending on any external network resources.

-- 
-Chuck
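The advice above amounts to a property that can be checked mechanically before a ruleset is ever handed to the kernel: no "from"/"to" address operand may be something ipfw would have to resolve through DNS at load time (which is also why, as the question implies, a hostname-bearing ruleset is fragile at boot, when the resolver may not be reachable yet). The following is an added example, not code from this thread or from FreeBSD: a hypothetical POSIX sh/awk pre-flight lint over an ipfw(8) rules file. It accepts "any", "me", "table(N)" references and IPv4 literals with an optional /prefix or :netmask, skips a leading "not", and flags everything else; comma lists, "{ a or b }" blocks and IPv6 are deliberately not handled. The function names (lint_ipfw_rules, nonliteral_count, write_sample_rules, write_fixed_rules) and the two sample rulesets are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD): a pre-flight lint
# for an ipfw(8) rules file that refuses any "from"/"to" address operand
# the firewall would have to resolve via DNS at load time.
#
# Assumptions (hypothetical, IPv4 only): an operand is "literal" if it is
# "any", "me", a table(N) reference, or a dotted quad with an optional
# /prefix or :netmask; a leading "not" is skipped. Comma lists, {a or b}
# blocks and IPv6 addresses are not handled.

# Prints one 'FILE:LINE: non-literal address "X"' per offending operand
# and returns 1 if any were found, 0 if the ruleset is fully literal.
lint_ipfw_rules() {
    awk '
    BEGIN { bad = 0 }
    function literal(a) {
        if (a == "any" || a == "me") return 1
        if (a ~ /^table\([0-9]+\)$/) return 1
        if (a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+|:[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)?$/) return 1
        return 0
    }
    {
        line = $0
        sub(/#.*/, "", line)            # strip trailing comments
        n = split(line, w)              # whitespace-separated tokens
        for (i = 1; i <= n; i++) {
            if (w[i] != "from" && w[i] != "to") continue
            j = i + 1
            if (j <= n && w[j] == "not") j++
            if (j <= n && !literal(w[j])) {
                printf("%s:%d: non-literal address \"%s\"\n", FILENAME, NR, w[j])
                bad = 1
            }
        }
    }
    END { exit bad }
    ' "$1"
}

# Prints the number of offending operands in $1 (0 when clean).
nonliteral_count() {
    lint_ipfw_rules "$1" | wc -l | tr -d ' '
}

# Constructed sample ruleset in the style the question describes: two rules
# name hosts and would need DNS at boot. Not a real configuration.
write_sample_rules() {
    cat > "$1" <<'EOF'
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 allow tcp from 192.0.2.0/24 to me 22 setup      # admin net
add 400 allow tcp from any to mail.example.net 25 setup # hostname: DNS at load
add 500 allow udp from me to ns1.example.net 53         # hostname: DNS at load
add 600 allow tcp from not 198.51.100.7 to me 80
add 65000 deny ip from any to any
EOF
}

# The same ruleset with the hosts pinned to addresses, as the reply advises.
write_fixed_rules() {
    cat > "$1" <<'EOF'
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 allow tcp from 192.0.2.0/24 to me 22 setup
add 400 allow tcp from any to 192.0.2.25 25 setup
add 500 allow udp from me to 192.0.2.53 53
add 600 allow tcp from not 198.51.100.7 to me 80
add 65000 deny ip from any to any
EOF
}

# Stand-alone demo: lint the constructed sample (exit 1 is the expected
# outcome there, so "|| :" keeps the shell going), then the fixed one.
demo=$(mktemp)
write_sample_rules "$demo"
lint_ipfw_rules "$demo" || :
write_fixed_rules "$demo"
lint_ipfw_rules "$demo" && echo "fixed ruleset: all address operands literal"
rm -f "$demo"
```

Run it against a real rules file with "lint_ipfw_rules /etc/ipfw.rules" from a boot script and refuse to load the ruleset on a non-zero exit; on the sample above it reports lines 400 and 500, and the pinned version passes. Anything the lint rejects is exactly what a DNS answer (spoofed or merely unavailable) could turn into a different rule than the one you wrote.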