Using DNS names when making iptables rules
Vik Heyndrickx
vik.heyndrickx@pandora.be
Sat, 12 Jan 2002 12:45:31 +0100
> -----Original Message-----
> From: Patrick Schaaf [mailto:bof@bof.de]
> Sent: Wednesday, January 09, 2002 7:53 AM
> To: Vik Heyndrickx
> Cc: Patrick Schaaf; Bryan Hundven; Damien Dye; netfilter@lists.samba.org
> Subject: Re: Using DNS names when making iptables rules
>
[snip]
> Performance impact would be minimal. Implementation of the pool extension
> would take a day or two. However, I have no desire to program the userspace
> part, so I never did start to implement this. Anybody interested in a
> collaboration?
If only I could spend the time and knew how to program kernel-level
code...
> > Hence it's impossible to create a well engineered solution. And that makes
> > that solution-to-be cunning (you made me curious) ;-)
>
> Please, comment again, now you know the idea :)
I find the idea of an extra level of abstraction appealing. This could for
instance also be a framework to solve the problem where at least one of the
addresses of the firewall is non-static, like when set by DHCP, PPP or PPPoE
and these addresses are used in firewall rules.
--
Vik