I'd argue that "DNS" clue pushes the firewall out from a packet inspection thing and into a user-space application inspection thing.
DNS entries in filter rules don't work as well in all situations as you'd like. :)

Adrian
(who has done this, and it doesn't quite work right in all situations thanks to split-horizon, per-user, geo-location, server-balancing DNS..)

On 6 September 2010 08:31, jhell <jh...@dataix.net> wrote:
> On 09/05/2010 11:53, Luigi Rizzo wrote:
>> whereas one might want a more dynamic behaviour (e.g. refresh
>> whenever the DNS response expires).
>
> Lord that would be nice! if only PF had this ;)
>
> --
>
> jhell,v
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"