[EMAIL PROTECTED] writes:

> PF squawks if a hostname in any of its files is not currently
> findable. Is there a reasonable way to have it gracefully skip missing
> hosts and carry on?

Putting host names in your PF config files is a practice that comes with warnings in large, friendly, red and flashing letters attached. The whys and a few suggestions for workarounds have been discussed on the pf mailing list within the last few months.

The main reason you do not want to make your firewall config depend on a name service being available is that, as you have already discovered, it makes your config a bit more brittle than otherwise.

The workaround involves setting up a local name resolution with a cache that's persistent enough to survive reboots. In simple configs, that would possibly mean putting the ones you need in /etc/hosts, adding to your general admin checklist.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.
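
One way to build the reboot-surviving local cache the reply describes, as an added example that is not part of the original message and not code from the pf project: names are resolved outside pf.conf into a table file, and a name that fails to resolve keeps its last known addresses. The file names, the table name `named_hosts` and the use of getent(1) are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: host list, cache dir, table file. pf.conf would
# reference only the file, never a hostname, e.g.:
#   table <named_hosts> persist file "/etc/pf.named_hosts"

# resolve_host NAME: print one address per line, nothing on failure.
# getent(1) is an assumption; swap in whichever resolver the box uses.
resolve_host() {
    getent hosts "$1" 2>/dev/null | awk '{ print $1 }'
}

# refresh_table HOSTLIST CACHEDIR OUTFILE
# Fresh answers update a per-host cache file; a failed lookup falls back to
# the last cached answer. Returns 0 if every name has an address (fresh or
# cached), 1 if some name was skipped, 2 on I/O errors.
refresh_table() {
    hostlist=$1; cachedir=$2; outfile=$3
    skipped=0
    tmp="$outfile.tmp.$$"
    mkdir -p "$cachedir" || return 2
    : > "$tmp" || return 2
    while IFS= read -r name; do
        case $name in
            ''|\#*) continue ;;                  # blank line or comment
            *[!A-Za-z0-9.-]*|.*)                 # not a plain hostname, so
                echo "warning: bad name '$name' skipped" >&2  # keep it out of paths
                skipped=1; continue ;;
        esac
        addrs=$(resolve_host "$name")
        if [ -n "$addrs" ]; then
            printf '%s\n' "$addrs" > "$cachedir/$name"
        elif [ ! -s "$cachedir/$name" ]; then
            echo "warning: $name unresolved and not cached, skipped" >&2
            skipped=1; continue
        fi
        cat "$cachedir/$name" >> "$tmp"
    done < "$hostlist"
    # Replace the table file in one step so pf never reads a half-written list.
    sort -u -o "$tmp" "$tmp" && mv "$tmp" "$outfile" || { rm -f "$tmp"; return 2; }
    return $skipped
}
```

A refreshed file can be loaded into the running ruleset with `pfctl -t named_hosts -T replace -f /etc/pf.named_hosts`; a non-zero return from `refresh_table` is the cue to check the host list rather than a reason for the ruleset load to fail.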
