From owner-freebsd-current@FreeBSD.ORG  Mon Sep  6 06:59:42 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BB8D110656C5
	for <freebsd-current@freebsd.org>; Mon,  6 Sep 2010 06:59:42 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4])
	by mx1.freebsd.org (Postfix) with ESMTP id 46C328FC20
	for <freebsd-current@freebsd.org>; Mon,  6 Sep 2010 06:59:42 +0000 (UTC)
Received: (qmail 30515 invoked by uid 399); 6 Sep 2010 06:59:41 -0000
Received: from localhost (HELO ?192.168.0.142?) (dougb@dougbarton.us@127.0.0.1)
	by localhost with ESMTPAM; 6 Sep 2010 06:59:41 -0000
X-Originating-IP: 127.0.0.1
X-Sender: dougb@dougbarton.us
Message-ID: <4C84915A.1000703@FreeBSD.org>
Date: Sun, 05 Sep 2010 23:59:38 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: Adrian Chadd <adrian@freebsd.org>
References: <4C825094.5040204@secover.com.br>	<20100905155311.GA48095@onelab2.iet.unipi.it>	<4C84364D.9070700@DataIX.net>
	<AANLkTi=Z_wV8rtNqfzPJn8Hg0vat1s-vrmnJsnA0D0mE@mail.gmail.com>
In-Reply-To: <AANLkTi=Z_wV8rtNqfzPJn8Hg0vat1s-vrmnJsnA0D0mE@mail.gmail.com>
X-Enigmail-Version: 1.1.1
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-current@freebsd.org, Luigi Rizzo <rizzo@iet.unipi.it>,
	Anderson Eduardo <listas@secover.com.br>
Subject: Re: Using ipfw table names instead of numbers.
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Sep 2010 06:59:42 -0000

On 09/05/2010 11:47 PM, Adrian Chadd wrote:
> I'd argue that "DNS" clue pushes the firewall out from a packet
> inspection thing and into a user-space application inspection thing.

It also opens up an attack vector on your firewall.


Doug

-- 

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/

	Computers are useless. They can only give you answers.
			-- Pablo Picasso