On 02/26/2006 04:38:12 PM, [EMAIL PROTECTED] wrote:
> PF squawks if a hostname in any of its files is not currently
> findable. Is there a reasonable way to have it gracefully skip
> missing hosts and carry on?
No. The best you can do is:

1) Do not use hostnames for hosts outside your DNS zones.

2) Run a local DNS secondary of your zones on the box running pf, and do
   not start pf until rc.local (best combined with a sysctl that keeps
   forwarding turned off until after pf _successfully_ starts.)

This still requires care because removing a RR from DNS can then break
your firewall, and you won't know until after you try to reload the
pf.conf. So, it would then be good practice to re-parse the pf.conf
after every zone change.
Karl <[EMAIL PROTECTED]>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
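The rc.local ordering and the "re-parse after every zone change" advice above, written out as an added example script (not from the thread or from OpenBSD itself). It assumes pfctl(8) and sysctl(8) as on OpenBSD and that net.inet.ip.forwarding=0 is set in sysctl.conf; the PFCTL and SYSCTL variables are only there so the commands can be substituted.

```sh
#!/bin/sh
# Added example (not from the thread). Gates IP forwarding on a successful
# pf ruleset load, and offers a parse-only check to run after every zone
# change. Assumes OpenBSD pfctl(8) and sysctl(8); the PFCTL/SYSCTL variables
# exist only so the commands can be substituted (e.g. by stubs when testing).
PFCTL="${PFCTL:-pfctl}"
SYSCTL="${SYSCTL:-sysctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"

# Parse the ruleset without loading it (pfctl -n). A hostname that no longer
# resolves makes this fail, which is exactly what we want to catch before a
# reload. Returns 0 if the ruleset parses, non-zero otherwise.
check_pf_conf() {
    "$PFCTL" -nf "$PF_CONF" >/dev/null 2>&1
}

# Is pf already enabled? (pfctl -e exits non-zero if it is.)
pf_is_enabled() {
    "$PFCTL" -si 2>/dev/null | grep -q '^Status: Enabled'
}

# Intended for rc.local: load the ruleset, enable pf, and only then turn on
# forwarding. On any failure forwarding is left as it was (off, when
# net.inet.ip.forwarding=0 is set in sysctl.conf), so the box never routes
# packets without a working ruleset. Returns 0 on success, 1 otherwise.
start_pf_then_forward() {
    if ! check_pf_conf; then
        echo "pf.conf does not parse (unresolvable host?); forwarding stays off" >&2
        return 1
    fi
    "$PFCTL" -f "$PF_CONF" || return 1
    pf_is_enabled || "$PFCTL" -e || return 1
    "$SYSCTL" net.inet.ip.forwarding=1
}

# Run "check" from a hook after each zone change, "start" from rc.local.
case "${1:-}" in
    check) check_pf_conf && echo "pf.conf OK" || { echo "pf.conf BROKEN" >&2; exit 1; } ;;
    start) start_pf_then_forward ;;
esac
```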