Date: Mon, 2 Jun 2003 09:50:59 +0300
From: "Petri Helenius" <pete@he.iki.fi>
To: "Chuck Swiger" <cswiger@mac.com>, <freebsd-net@freebsd.org>
Subject: Re: ipfw and hostnames
Message-ID: <00d701c328d3$54612910$812a40c1@PETEX31>
References: <001f01c32831$296b9210$812a40c1@PETEX31> <3EDA498D.3000307@mac.com> <008f01c32875$c210c730$812a40c1@PETEX31> <3EDA5A7F.6060204@mac.com>

>
> If your firewall needs to perform *any* DNS queries, what happens if the DNS
> server(s) are down or unreachable when the firewall tries to restart? Does it
> fail in a way that you are happy with?
>

That's another defect in ipfw client utility, it stops processing rules if it fails to look up something. There should at least be a switch to allow it to continue and ignore the lines it cannot do.

And in case you were wondering, I don't believe in perimeter security, so we run packet filters on all machines, not just on something some people call the magic-security-device-on-the-border alias "firewall".

Pete