Date: Mon, 25 Aug 2003 23:54:26 +0000
From: Philip Reynolds <philip.reynolds@rfc-networks.ie>
To: freebsd-ipfw@freebsd.org
Subject: Re: hostnames resolving problem
Message-ID: <20030825235426.GA74887@rfc-networks.ie>
In-Reply-To: <3F47C30C.8070102@fork.pl>
References: <20030822200153.V84903-100000@gateway.posi.net> <3F47C30C.8070102@fork.pl>

Marcin Gryszkalis <mg@fork.pl> 33 lines of wisdom included:
> On 2003-08-23 05:11, Kelly Yancey wrote:
> > The name resolution feature is already questionable: if the DNS mapping
> > changes, should the firewall rule somehow be magically updated? I mean,
> > you *did* ask for packets to be allowed to smtp.o2.pl didn't you?
> I understand the point of view that it's questionable, but - as it *is*
> implemented, it's just inconsistent. Relation between hosts and ips
> is treated as 1-to-1 where it's 1-to-many.
>
> I know I can just write
>
> ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> ${ipfw} add tcp from any to ${ip} setup
>
> or something similar instead of changing ipfw code. But that's just my
> opinion - that command interface is inconsistent.

Perhaps where more than one host is returned, the user should receive a
warning?

Regards,
--
Philip Reynolds                      | RFC Networks Ltd.
philip.reynolds@rfc-networks.ie      | +353 (0)1 8832063
http://people.rfc-networks.ie/~phil  | www.rfc-networks.ie
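
The warning suggested in the reply above, sketched as an added example that is not part of the original thread and not ipfw code: a wrapper around the quoted `host` pipeline that keeps every A record, checks each one looks like an IPv4 address before it reaches a firewall rule, and warns when the name maps to more than one. The function names, the sample `host` output (documentation-range addresses) and the `allow` action are assumptions.

```shell
#!/bin/sh
# Added example: parse `host`-style output, keep every A record, and warn
# when a name maps to more than one address. It prints the rule only and
# never runs ipfw.

# Constructed sample of `host smtp.o2.pl` output; the addresses come from
# the 192.0.2.0/24 documentation range, not from real DNS answers.
SAMPLE_OUTPUT='smtp.o2.pl has address 192.0.2.10
smtp.o2.pl has address 192.0.2.11
smtp.o2.pl mail is handled by 10 mx.o2.pl.'

# Read `host` output on stdin; print each distinct address, one per line.
# Only fields shaped like a dotted quad are accepted, so resolver error
# text or other record types cannot end up inside the rule.
extract_addrs() {
    awk '$2 == "has" && $3 == "address" &&
         $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $4 }' | sort -u
}

# Read `host` output on stdin; print one ipfw rule covering every address.
# Returns 1 if nothing usable resolved; the warning goes to stderr.
build_rule() {
    name=$1
    addrs=$(extract_addrs)
    if [ -z "$addrs" ]; then
        echo "error: $name did not resolve to any IPv4 address" >&2
        return 1
    fi
    count=$(printf '%s\n' "$addrs" | wc -l | tr -d ' ')
    list=$(printf '%s\n' "$addrs" | paste -s -d, -)
    if [ "$count" -gt 1 ]; then
        echo "warning: $name resolves to $count addresses: $list" >&2
    fi
    # "allow" is an assumed action; the snippet quoted in the mail omits one.
    printf 'ipfw add allow tcp from any to %s setup\n' "$list"
}

# Live use would be: host smtp.o2.pl | build_rule smtp.o2.pl
printf '%s\n' "$SAMPLE_OUTPUT" | build_rule smtp.o2.pl
```

The rule still reflects DNS only at the moment the script runs, which is the concern Kelly Yancey raises in the quoted text.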