Date: Mon, 6 Sep 2010 14:47:06 +0800
From: Adrian Chadd <adrian@freebsd.org>
To: jhell <jhell@dataix.net>
Cc: freebsd-current@freebsd.org, Luigi Rizzo <rizzo@iet.unipi.it>, Anderson Eduardo <listas@secover.com.br>
Subject: Re: Using ipfw table names instead of numbers.
Message-ID: <AANLkTi=Z_wV8rtNqfzPJn8Hg0vat1s-vrmnJsnA0D0mE@mail.gmail.com>
In-Reply-To: <4C84364D.9070700@DataIX.net>
References: <4C825094.5040204@secover.com.br> <20100905155311.GA48095@onelab2.iet.unipi.it> <4C84364D.9070700@DataIX.net>

I'd argue that "DNS" clue pushes the firewall out from a packet
inspection thing and into a user-space application inspection thing.

DNS entries in filter rules don't work as well in all situations as
you'd like. :)

Adrian

(who has done this, and it doesn't quite work right in all situations
thanks to split-horizon, per-user, geo-location, server-balancing
DNS..)

On 6 September 2010 08:31, jhell <jhell@dataix.net> wrote:
> On 09/05/2010 11:53, Luigi Rizzo wrote:
>> whereas one might want a more dynamic behaviour (e.g. refresh
>> whenever the DNS response expires).
>
> Lord that would be nice! if only PF had this ;)
>
> --
>
>  jhell,v