On Mon, Aug 13, 2007 at 10:52:02AM +0200, Divan Santana wrote:
> In South Africa it's not so easy/cheap to get a static IP so we use
> dynamic dns often and therefore sometimes have to use dns names in
> the rules file.

Whatever you are doing, it sounds like a bad idea. Are you aware that DNS responses can be trivially faked by an attacker? There's no particular reason to expect the value returned from a DNS query over the public internet to be accurate. This sort of thing is only really appropriate for local DNS servers, and that doesn't sound like what you have here.

(And that's before considering that the DNS result picked up by shorewall is going to continue being used even when somebody else has received that IP address, until shorewall is next restarted.)

You probably want to create restrictions based on something other than the IP address. If you told us more about what you're doing, we might have some better ideas.

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
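
The staleness problem raised in the reply above (a name resolved once when the firewall starts, then used until the next restart), as an added example that is not part of the original message or of Shorewall itself. It assumes the simple `zone:host` form in the SOURCE and DEST columns; the rules text, hostnames and addresses are constructed placeholders, and `snapshot` and `stale_names` are hypothetical helper names.

```python
import ipaddress
import socket

# Constructed sample in rules-file layout (ACTION SOURCE DEST PROTO DPORT).
# Hostnames and addresses are placeholders, not values from the thread.
SAMPLE_RULES = """\
#ACTION  SOURCE                      DEST  PROTO  DPORT
ACCEPT   net:office.dyn.example.org  $FW   tcp    22
ACCEPT   net:192.0.2.10              $FW   tcp    22
ACCEPT   net:home.dyn.example.org    $FW   tcp    443
"""

def hostnames_in_rules(text):
    """Return DNS names used as the host part of SOURCE or DEST (zone:host)."""
    names = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        for field in fields[1:3]:                # SOURCE and DEST columns only
            _zone, sep, host = field.partition(":")
            if not sep or not host:
                continue                         # bare zone such as $FW
            try:
                ipaddress.ip_network(host, strict=False)  # literal address/CIDR
            except ValueError:
                if "." in host and host not in names:
                    names.append(host)
    return names

def system_resolver(name):
    """Current IPv4 addresses for name, as seen by the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def snapshot(text, resolve=system_resolver):
    """Record what each rule hostname resolves to at firewall start."""
    return {name: resolve(name) for name in hostnames_in_rules(text)}

def stale_names(pinned, resolve=system_resolver):
    """Names whose load-time addresses no longer match what DNS returns now."""
    stale = {}
    for name, old in pinned.items():
        now = resolve(name)
        if now != old:
            stale[name] = (old, now)   # rule still admits `old`, owner is at `now`
    return stale
```

A name reported by `stale_names` means the loaded rule still admits an address the dynamic-DNS owner no longer holds. An empty result only shows agreement with the resolver, which does nothing about the forged-response concern in the reply.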
