Jared Griffith wrote:
I was wondering when you are going to have support for domain names rather than just IPs for this platform. I like what you guys are doing, but my biggest complaint is that you don't have domain name support for your platform. FreeBSD's pf supports domain names in the firewall rules, so why don't you guys allow for it?

Because it wouldn't work the way people would want it to work, and would hence be a mess, and also because nobody has cared to add that support yet. The way pf handles DNS FQDNs in rulesets is to resolve them at the time the rules are loaded and use the resultant IPs in firewall rules. It ignores TTLs on the records and will never see any changes unless you set the ruleset to automatically reload periodically somehow (which alone in and of itself is a clusterfsck waiting to happen...).

Probably the biggest reason nobody has added support yet is because this functionality isn't all it's cracked up to be, and fixing it into something worthwhile would be a real mess...

Like Scott said, a bounty is the way to go here. I don't see it getting done anytime soon any other way.
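
The load-time resolution described in the reply above, modelled as an added example that is not part of the original thread and is not pf or pfSense code: names are resolved once and frozen, and a later check reports where the frozen addresses no longer agree with DNS. The function names, hostnames and addresses are assumptions constructed for illustration.

```python
import socket

# Constructed sample data: DNS answers at ruleset load time and some time later.
DNS_AT_LOAD = {
    "mail.example.com": frozenset({"192.0.2.10"}),
    "www.example.com": frozenset({"198.51.100.5", "198.51.100.6"}),
}
DNS_LATER = {
    "mail.example.com": frozenset({"192.0.2.99"}),  # record repointed
    "www.example.com": frozenset({"198.51.100.5", "198.51.100.6"}),
}

def resolve_system(name):
    """Live lookup through the system resolver (IPv4 and IPv6)."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return frozenset(info[4][0] for info in infos)

def snapshot(hostnames, resolve=resolve_system):
    """Model load-time resolution: look each name up once and freeze the result."""
    return {name: frozenset(resolve(name)) for name in hostnames}

def drift(loaded, resolve=resolve_system):
    """Return {name: (stale, missing)} for names whose DNS answers changed.
    stale: addresses the loaded rules still match but DNS no longer returns.
    missing: addresses DNS returns now that the loaded rules do not cover."""
    report = {}
    for name, frozen in loaded.items():
        try:
            current = frozenset(resolve(name))
        except OSError:  # includes socket.gaierror: name no longer resolves
            current = frozenset()
        stale, missing = frozen - current, current - frozen
        if stale or missing:
            report[name] = (sorted(stale), sorted(missing))
    return report

if __name__ == "__main__":
    loaded = snapshot(DNS_AT_LOAD, resolve=DNS_AT_LOAD.__getitem__)
    for name, (stale, missing) in drift(loaded, resolve=DNS_LATER.__getitem__).items():
        print(f"{name}: rules still match {stale}, do not cover {missing}")
```

A stale entry means the loaded rule keeps applying to an address the name no longer points at, and a missing entry means traffic for the name's current address is not covered, until the ruleset is reloaded.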
