On Fri, Mar 15, 2013 at 11:16:53AM +0100, Gilles LAMIRAL wrote:
> I need to use a hostname in a pf rule to allow a connection.
> The hostname is needed because the resolution is dynamic,
> it can change at any minute (TTL 60).

host names in pf.conf and friends are resolved at load time so it's either reload the pf.conf fairly often (a cron job comes to mind) or make the rule refer to a table that will only ever contain the freshly resolved IP address for that hostname and let a sufficiently frequent job (cron or otherwise) update the table with whatever the hostname currently resolves to.

> I've seen I can do it with an anchor and a script flushing/adding the 
> hostname each minute or less,
> I ask if there's a way less complicated and more understandable (reading 
> pf.conf).

an anchor would work too, so you may have a workable solution there already.

All the best,
Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
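The second option Peter describes (a table that a cron job keeps in sync with the hostname), written out as an added example that is not part of the thread; the table name dynhosts, the script path, the pf.conf lines and the use of host(1) for resolution are assumptions:

```shell
#!/bin/sh
# Added example (not from the thread): refresh a pf table with whatever a
# hostname currently resolves to, intended to run from cron every minute.
# Assumed pf.conf lines:
#   table <dynhosts> persist
#   pass in proto tcp from <dynhosts> to any port 22
PFCTL=${PFCTL:-pfctl}   # set PFCTL=echo to dry-run without touching pf

# Print the addresses the resolver returns for $1, one per line.
# RESOLVE_OUTPUT, when set, stands in for the host(1) output (offline checks).
resolve_host() {
    out=${RESOLVE_OUTPUT:-$(host "$1" 2>/dev/null)} || return 1
    printf '%s\n' "$out" | awk '/has address|has IPv6 address/ { print $NF }'
}

# Keep only syntactically valid IPv4/IPv6 literals; resolver chatter or error
# text must never end up on pfctl's argument list.
valid_addrs() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9a-fA-F:]*:[0-9a-fA-F:]*$'
}

# Replace table $2 (default dynhosts) with the current addresses of $1.
# If resolution yields nothing, leave the table alone: an empty table would
# silently break the rule that is supposed to allow the connection.
update_table() {
    host=$1; table=${2:-dynhosts}
    addrs=$(resolve_host "$host" | valid_addrs) || addrs=
    if [ -z "$addrs" ]; then
        echo "update_table: no addresses for $host, keeping previous table" >&2
        return 1
    fi
    # word splitting on $addrs is intended: one argument per address
    "$PFCTL" -t "$table" -T replace $addrs
}

# Assumed crontab entry:
#   * * * * * /usr/local/sbin/pf-dyntable.sh dyn.example.org dynhosts
if [ $# -ge 1 ]; then
    update_table "$1" "${2:-dynhosts}"
fi
```

With `-T replace` the table ends up holding exactly the addresses passed, so a changed record drops the old address on the next run and `pfctl -t dynhosts -T show` lets you confirm what the rule currently allows.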