Thread: basic iptables question (Linux Security forum, System Security and Security Related category)
Aussie Fred wrote:
> When defining a network address why do the iptables man pages say it's a
> bad idea to use a domain name instead of an IP address?

One possible reason is that some domain names resolve to multiple addresses. In such cases, iptables needs to know which of the IPs provided to use, or whether to use all of them in some way.

--
Scriptable IpTables rules with "Rope"
http://www.lowth.com/rope
On 2005-03-21, Aussie Fred <fred012@hotmail.com> wrote:
> When defining a network address why do the iptables man pages say it's a
> bad idea to use a domain name instead of an IP address?

Two possible reasons:

1) DNS may not be available at the time the iptables command executes (often you want iptables to run before the interfaces are up)

2) If you don't control the DNS of the name you are specifying, the owner of the domain can spoof any IP he wants to get around your rules

--keith
--
kkeller-usenet@wombat.san-francisco.ca.us (try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information
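Both replies above point at the same underlying issue: a hostname in an iptables rule is resolved when the rule is loaded, so the rule set silently depends on what DNS answered at that moment, how many addresses it returned, and whether DNS was reachable at all. The script below is an added example, not code from either poster or from the iptables project. It resolves each -s/-d hostname exactly once at rule-generation time, emits one rule per returned address so the pinned addresses are visible and reviewable, and fails closed (raises) if a name cannot be resolved rather than loading an incomplete rule set. The names and addresses in FAKE_DNS and the function names are constructed for this example; system_resolver shows the same logic against the real resolver.

```python
"""Pin hostnames in iptables rules to explicit IP addresses.

Added example (not from the thread): resolves each -s/-d hostname once, at
rule-generation time, emits one rule per resolved address, and fails closed
when a name does not resolve. FAKE_DNS and its names are constructed.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

Resolver = Callable[[str], List[str]]

# Constructed stand-in for DNS so the example runs offline (hypothetical names,
# documentation-range addresses).
FAKE_DNS: Dict[str, List[str]] = {
    "single.example": ["192.0.2.10"],
    "multi.example": ["198.51.100.1", "198.51.100.2"],
}


def fake_resolver(name: str) -> List[str]:
    """Look up a name in the constructed table; OSError mimics a DNS failure."""
    if name not in FAKE_DNS:
        raise OSError(f"cannot resolve {name}")
    return list(FAKE_DNS[name])


def system_resolver(name: str) -> List[str]:
    """Real IPv4 lookup through the system resolver (needs working DNS)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def is_address_literal(token: str) -> bool:
    """True for an IPv4/IPv6 address or CIDR network, False for a hostname."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def pin_rule(words: List[str], resolver: Resolver) -> List[str]:
    """Expand one iptables rule (given as argv words) into address-literal rules.

    Every -s/--source and -d/--destination argument that is a hostname is
    resolved exactly once; a name with N addresses yields N rules, so the
    generated rule set shows precisely which addresses will be matched.
    A resolver failure propagates so the caller never loads a partial set.
    """
    host_flags = {"-s", "--source", "--src", "-d", "--destination", "--dst"}
    expansions: List[List[str]] = [[]]
    i = 0
    while i < len(words):
        word = words[i]
        if word in host_flags and i + 1 < len(words):
            target = words[i + 1]
            addrs = [target] if is_address_literal(target) else resolver(target)
            # One rule per resolved address (cartesian product across flags).
            expansions = [prefix + [word, addr] for prefix in expansions for addr in addrs]
            i += 2
        else:
            expansions = [prefix + [word] for prefix in expansions]
            i += 1
    return ["iptables " + " ".join(e) for e in expansions]


def pin_ruleset(rules: List[List[str]], resolver: Resolver) -> List[str]:
    """Pin a whole rule set; any single resolution failure aborts the load."""
    pinned: List[str] = []
    for rule in rules:
        pinned.extend(pin_rule(rule, resolver))
    return pinned


if __name__ == "__main__":
    sample = [
        ["-A", "INPUT", "-s", "single.example", "-p", "tcp", "--dport", "22", "-j", "ACCEPT"],
        ["-A", "INPUT", "-s", "multi.example", "-j", "ACCEPT"],
        ["-A", "INPUT", "-s", "10.0.0.0/8", "-j", "DROP"],
    ]
    for line in pin_ruleset(sample, fake_resolver):
        print(line)
```

Because the generated lines contain only address literals, they can be saved and loaded at boot before any interface or resolver is up, and a later change to a name's DNS records (by its owner or anyone able to spoof answers) has no effect until an operator deliberately regenerates and reviews the set.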