On 4 May 2017 08:39:51 CEST, Janne Johansson <icepic...@gmail.com> wrote:
>I would make those rules have a table, and a cronjob to feed the table
>with the current IPs that these hostnames resolve to.

Same here.

>But of course, that implies you trust the replies you get all the time
>from that cronjob.
>

Is there no DNSSEC-enabled dynamic DNS service? ;)
When you can't trust your (upstream) DNS server, a whole new world of ugly hacks will open up.
How about sharing signed files via SyncThing? ^^

Regards,
Florian

>
>2017-05-03 22:16 GMT+02:00 Luke Small <lukensm...@gmail.com>:
>
>> Is it worthwhile to set up a hook for pf to load rules that have URLs
>> after the network services that can resolve them come into effect?
>>
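
The table-plus-cronjob approach suggested in this thread, as an added example (not code from any of the posters). It is IPv4 only, and the table name, hostnames and file path are assumptions. The sanity checks only limit the damage of an empty or obviously bogus reply; they do not authenticate the DNS answer.

```shell
#!/bin/sh
# Added example, not from the thread. TABLE, HOSTS and FILE are assumptions;
# pf.conf is assumed to declare: table <dynhosts> persist
TABLE=dynhosts
HOSTS="host1.example.org host2.example.org"   # placeholder hostnames
FILE=/var/db/dynhosts.txt

# Print only well-formed IPv4 addresses from stdin (one per line), dropping
# unspecified, loopback, link-local and multicast/reserved ranges.
filter_addrs() {
    while read -r addr; do
        case "$addr" in
            ""|*[!0-9.]*|.*|*.|*..*) continue ;;
        esac
        oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
        [ $# -eq 4 ] || continue
        ok=1
        for o in "$@"; do
            case "$o" in ????*|0?*) ok=0 ;; esac   # too long or leading zero
            [ "$ok" -eq 1 ] && [ "$o" -le 255 ] || ok=0
        done
        [ "$ok" -eq 1 ] || continue
        [ "$1" -eq 0 ] || [ "$1" -eq 127 ] || [ "$1" -ge 224 ] && continue
        [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && continue
        echo "$addr"
    done
}

# Write the filtered, de-duplicated list to $2 only if at least $1 addresses
# survive; otherwise keep the previous file so the pf table is not emptied.
build_table_file() {
    min=$1; out=$2
    tmp=$(mktemp "$out.XXXXXX") || return 1
    filter_addrs | sort -u > "$tmp"
    if [ $(wc -l < "$tmp") -ge "$min" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"; return 1
    fi
}

# Cron entry point: "script --apply" as root. Resolution failures or bogus
# answers leave the table at its last good contents.
if [ "${1:-}" = "--apply" ]; then
    for h in $HOSTS; do host -t A "$h"; done |
        awk '/ has address / { print $NF }' |
        build_table_file 1 "$FILE" &&
        pfctl -t "$TABLE" -T replace -f "$FILE"
fi
```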