Date: Fri, 29 Aug 2003 12:18:30 -0700 (PDT)
From: Kelly Yancey <kbyanc@posi.net>
To: Philip Reynolds <philip.reynolds@rfc-networks.ie>
Cc: luigi@freebsd.org
Subject: Re: hostnames resolving problem
Message-ID: <20030829121458.W4705-100000@gateway.posi.net>
In-Reply-To: <20030825235426.GA74887@rfc-networks.ie>

On Mon, 25 Aug 2003, Philip Reynolds wrote:

> Marcin Gryszkalis <mg@fork.pl> 33 lines of wisdom included:
> > On 2003-08-23 05:11, Kelly Yancey wrote:
> > > The name resolution feature is already questionable: if the DNS mapping
> > > changes, should the firewall rule somehow be magically updated? I mean, you
> > > *did* ask for packets to be allowed to smtp.o2.pl didn't you?
> > I understand the point of view that it's questionable, but - as it *is*
> > implemented, it's just inconsistent. Relation between hosts and ips
> > is treated as 1-to-1 where it's 1-to-many.
> >
> > I know I can just write
> >
> > ip=`host smtp.o2.pl | cut -f4 -d' ' | paste -s -d, -`
> > ${ipfw} add tcp from any to ${ip} setup
> >
> > or something similar instead of changing ipfw code. But that's my just
> > opinion - that command interface is inconsistent.
>
> Perhaps where more than one host is returned, the user should
> receive a warning?
>

Great idea. How about something along the lines of this (untested) patch:

RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v retrieving revision 1.4.2.17 diff -u -p -r1.4.2.17 ipfw2.c --- ipfw2.c 25 Jul 2003 08:23:07 -0000 1.4.2.17 +++ ipfw2.c 29 Aug 2003 19:14:33 -0000 @@ -1879,6 +1879,10 @@ lookup_host (char *host, struct in_addr if ((he = gethostbyname(host)) == NULL) return(-1); *ipaddr = *(struct in_addr *)he->h_addr_list[0]; + if (he->h_addr_list[1] != NULL) { + warn("%s resolved to multiple addresses, only using %s", + host, inet_ntoa(*ipaddr)); + } } return(0); }

Kelly

--
Kelly Yancey -- kbyanc@{posi.net,FreeBSD.org} -- kelly@nttmcl.com
Join distributed.net Team FreeBSD: http://www.posi.net/freebsd/Team-FreeBSD/
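
Review bot: in the added block after the assignment from h_addr_list[0], warn() looks like the err(3) call, which appends strerror(errno) to the message; gethostbyname() has just succeeded at that point, so the warning would end with an unrelated or stale error string. warnx() fits better, because extra entries in h_addr_list are not an errno condition. The rule is still installed for h_addr_list[0] only, and the order of that list is up to the resolver, so consider printing the remaining addresses as well, so the operator can see exactly which hosts the rule does not cover.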