[Bug 441] Feature Request; Resolve Domains/Hostnames
bugzilla-daemon at bugzilla.netfilter.org
Thu Feb 9 15:43:15 CET 2006
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=441
laforge at netfilter.org changed:
What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |NEW                         |RESOLVED
Resolution|                            |WONTFIX
------- Additional Comments From laforge at netfilter.org 2006-02-09 15:43 MET -------
This is not a fix, it's a feature. Actually, we should remove support for
resolving host names altogether. Why:
1) because we only look up the first A record and not further A records
2) because DNS zones can change and we only resolve at ruleset load time
3) because DNS can easily be spoofed (and thus firewall rules changed)
4) because a good firewall should first load the ruleset, and only then enable
network traffic to the outside world and therefore cannot contact a DNS server.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
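
The comment above argues against host names in rules. As an added example (not part of the original bug report or of the netfilter project's code), this Python sketch lints a ruleset script for `-s`/`-d` arguments that are names rather than address literals, so they can be replaced with fixed addresses before the ruleset is loaded. The function names and the sample rules are constructed for illustration.

```python
import ipaddress
import shlex

# Options whose argument iptables resolves via DNS when it is not a literal.
ADDRESS_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

def is_literal(value):
    """True if value is an IPv4/IPv6 address, optionally followed by /mask."""
    try:
        ipaddress.ip_address(value.split("/", 1)[0])
        return True
    except ValueError:
        return False

def hostname_args(rule_line):
    """Return the (option, value) pairs on one rule line that need DNS."""
    tokens = shlex.split(rule_line, comments=True)  # drops '#' comments
    found = []
    for i, tok in enumerate(tokens):
        if tok not in ADDRESS_OPTS:
            continue
        rest = tokens[i + 1:]
        if rest[:1] == ["!"]:  # older "-s ! addr" negation form
            rest = rest[1:]
        for value in (rest[0].split(",") if rest else []):  # address lists
            if not is_literal(value):
                found.append((tok, value))
    return found

def lint(ruleset_text):
    """Map 1-based line numbers to the hostname arguments found on them."""
    lines = enumerate(ruleset_text.splitlines(), start=1)
    return {n: hits for n, line in lines if (hits := hostname_args(line))}

# Constructed sample ruleset (documentation addresses and example.* names).
SAMPLE = """\
iptables -P INPUT DROP
iptables -A INPUT -s 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -d updates.example.org -p tcp --dport 443 -j ACCEPT
iptables -A INPUT ! -s 198.51.100.0/255.255.255.0 -j DROP
iptables -A INPUT -s 203.0.113.5,admin.example.net -j ACCEPT
# iptables -A INPUT -s commented.example.com -j ACCEPT
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Run over the constructed sample, it reports lines 3 and 5 and ignores the literal addresses, the netmask form and the commented-out rule.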