Using ipfw table names instead of numbers.

Adrian Chadd adrian at freebsd.org
Mon Sep 6 06:47:07 UTC 2010


I'd argue that "DNS" clue pushes the firewall out from a packet
inspection thing and into a user-space application inspection thing.

DNS entries in filter rules don't work as well in all situations as
you'd like. :)


Adrian
(who has done this, and it doesn't quite work right in all situations
thanks to split-horizon, per-user, geo-location, server-balancing
DNS..)

On 6 September 2010 08:31, jhell <jhell at dataix.net> wrote:
> On 09/05/2010 11:53, Luigi Rizzo wrote:
>> whereas one might want a more dynamic behaviour (e.g. refresh
>> whenever the DNS response expires).
>
> Lord that would be nice! if only PF had this ;)
>
> --
>
>  jhell,v
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>

