Package: ferm
Version: 1.2.4-1
Severity: wishlist

Hi

With a line of

    proto tcp daddr (www.foo.org) ACCEPT;

ferm generates

    -A allowed-outgoing -d www.foo.org -p tcp -j ACCEPT

which is correct, but may lead to problems if DNS isn't available during the time ferm runs. Yes, yes, I could use IPs directly, but they might change and hey, what do we have DNS for if we then just use IPs?

So, it would be nice to have an option in ferm (like, name daddr dnsaddr and saddr similar?), which will resolve hostnames during the time ferm runs. Not leave it for later. (Yes, I especially need it for a --fast/--shell output).

Yes, I can emulate that slightly by typing

    proto tcp daddr (`host -t A www.google.de|awk '{print $NF}'`) ACCEPT;

which generates

    -A allowed-outgoing -d 209.85.135.103 -p tcp -j ACCEPT
    -A allowed-outgoing -d 209.85.135.104 -p tcp -j ACCEPT
    -A allowed-outgoing -d 209.85.135.147 -p tcp -j ACCEPT

and works, but it feels wrong to implement such a thing yourself in a firewall rule parser. :)

-- 
bye Joerg
<maxx> Aqua, go do a man brain....
<Aquariophile> maxx: already tried, it doesn't exist
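Added example, not part of the original report and not ferm's code: a sketch of resolving names at rule-generation time, as the report asks for, which aborts when a name does not resolve and rejects any answer that is not an IPv4 address, so a DNS failure never yields a partial or malformed ruleset. The function names, the sample hostname and the 192.0.2.x addresses are constructed; only the chain name and rule layout come from the report.

```python
import ipaddress
import socket

def resolve_ipv4(host):
    """Default resolver: A records via the system resolver (needs DNS)."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def pinned_rules(chain, proto, hosts, resolver=resolve_ipv4):
    """Return iptables rule lines with every hostname resolved right now.

    Raises RuntimeError if a name cannot be resolved or an answer is not
    a valid IPv4 address; no rules are returned in that case.
    """
    rules = []
    for host in hosts:
        try:
            answers = resolver(host)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            raise RuntimeError(f"cannot resolve {host}: {exc}") from exc
        if not answers:
            raise RuntimeError(f"no A records for {host}")
        addrs = set()
        for answer in answers:
            try:
                addrs.add(ipaddress.IPv4Address(answer))
            except ValueError as exc:
                raise RuntimeError(f"bad answer for {host}: {answer!r}") from exc
        # One rule per distinct address, in a stable order for diffing.
        for addr in sorted(addrs):
            rules.append(f"-A {chain} -d {addr} -p {proto} -j ACCEPT")
    return rules

# Constructed sample data so the example runs without DNS.
SAMPLE = {"www.example.org": ["192.0.2.20", "192.0.2.10", "192.0.2.10"]}

def sample_resolver(host):
    """Hypothetical offline resolver backed by SAMPLE."""
    if host not in SAMPLE:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE[host]

if __name__ == "__main__":
    for line in pinned_rules("allowed-outgoing", "tcp",
                             ["www.example.org"], sample_resolver):
        print(line)
```

Rules generated this way are fixed at generation time, so they need regenerating when the records change.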