On Wed, 02 Mar 2005 18:05:58 -0500 (EST) "Michael T. Davis" <[EMAIL PROTECTED]> wrote:
> If an ipfilter rule specifies a hostname, rather than an IP address,
> when does name resolution occur? That is, is it during the loading of
> the rules via ipf, a la...
>
> % ipf -I -Fa -f ipf.rules
>
> ...or does name resolution actually occur during rule processing (when
> a packet hits the firewall)? FWIW, we're running ipf v3.3.18 under
> OpenBSD 2.8. (It's old but it works. ;-)

Hosts, services, nets etc. are resolved during file parsing.
ipfstat -io will show the actual rules in kernel memory.

Regarding your current ipf version, make sure to apply kernel patch
#027 which fixes an issue with "keep state".

http://www.openbsd.org/errata28.html

Best Regards
/Johan
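An added example, not part of the original message: because names are resolved once, when ipf parses the file, this Python sketch lists the hostname operands in a rules file, that is, the rules whose loaded addresses depend on what DNS returned at load time. The sample rules, hostnames, interface names and the simplified from/to handling are constructed assumptions, not the full ipf grammar.

```python
import ipaddress
import re

# Constructed sample rules (not from the original thread).
SAMPLE_RULES = """\
# constructed example rules
pass in quick on fxp0 proto tcp from any to 192.0.2.10/32 port = 22 keep state
pass in on fxp0 proto tcp from mail.example.org to any port = 25
block in on fxp0 from 198.51.100.0/24 to any
pass out on fxp0 from any to !ns1.example.net port = 53
block in all
"""

def is_literal(host):
    """True for 'any' or a numeric address, i.e. nothing to resolve."""
    if host == "any" or re.fullmatch(r"[0-9.]+", host):
        return True
    try:
        ipaddress.ip_address(host)  # also accepts IPv6 literals
        return True
    except ValueError:
        return False

def operand_after(tokens, i):
    """Address operand following tokens[i], with '!' and '/mask' stripped."""
    rest = [t for t in tokens[i + 1:i + 3] if t != "!"]
    return rest[0].lstrip("!").split("/", 1)[0] if rest else None

def find_names(rules_text):
    """Return (line number, 'from'|'to', name) for each hostname operand."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        tokens = line.split("#", 1)[0].split()
        if "from" not in tokens:
            continue  # e.g. "block in all"
        f = tokens.index("from")
        positions = [("from", f)]
        # Only a "to" after "from" is an address; an earlier one routes to an interface.
        if "to" in tokens[f + 1:]:
            positions.append(("to", tokens.index("to", f + 1)))
        for keyword, i in positions:
            host = operand_after(tokens, i)
            if host and not is_literal(host):
                findings.append((lineno, keyword, host))
    return findings

if __name__ == "__main__":
    for lineno, keyword, name in find_names(SAMPLE_RULES):
        print(f"line {lineno}: '{keyword} {name}' is resolved when the file is loaded")
```

Comparing the flagged rules against the output of `ipfstat -io` shows which addresses were actually loaded into the kernel.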
