[Shorewall-users] Ways to get around DNS names in rules
Shawn Wright
swright at sls.bc.ca
Thu Mar 10 11:08:19 PST 2005
On 10 Mar 2005 at 10:18, Tom Eastep wrote:
> Shawn Wright wrote:
>
> >
> > This sounds like a good plan. I'll probably use djb's 'dnsip' tool instead,
> > as it gives nice clean output.
>
> Can't get much cleaner than this:
>
> teastep at ursa:~/Shorewall/Shorewall2> dig +short mail.blarg.net
> 206.124.128.86
> 206.124.128.85
> teastep at ursa:~/Shorewall/Shorewall2>
Agreed, I hadn't tried that switch. But I don't have dig installed on the
firewall... I'm running an instance of djbdns already, so the djb tools are
handy.
To save time, I'm going to just convert to IPs for now. I don't have enough
DNS names to justify the time getting a script written and debugged. I'll let
someone who needs it more than I do come up with a script.... ;-)
Thanks for the tips though, I'm starting to use the params file for some of
our VLANs and hosts.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright at sls.bc.ca
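
An added example (not from either poster, and not part of Shorewall) of the script the message leaves to someone else: it turns resolver output into a single params-file assignment and refuses to emit anything that is not a valid IPv4 address. Assumptions: the variable name `MAIL_HOSTS` and both function names are hypothetical, `dnsip` is assumed to print its addresses space-separated on one line, and the rules that use the variable are assumed to accept a comma-separated host list.

```shell
#!/bin/sh
# Added example: turn resolver output into one Shorewall params assignment.
# stdin: addresses one per line (dig +short) or space-separated (dnsip; assumed).

is_ipv4() {
    # Accept only dotted quads whose four octets are each 0..255.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

params_line() {
    # $1 = params variable name (hypothetical, e.g. MAIL_HOSTS)
    name=$1
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name: $name" >&2; return 2 ;;
    esac
    tokens=$(tr -s ' \t' '\n')
    list=
    while IFS= read -r token; do
        [ -n "$token" ] || continue
        if is_ipv4 "$token"; then
            case ",$list," in
                *",$token,"*) ;;                      # drop duplicates
                *) list=${list:+$list,}$token ;;
            esac
        else
            echo "skipping non-address: $token" >&2   # e.g. a CNAME target
        fi
    done <<EOF
$tokens
EOF
    # Fail closed: never emit an empty variable for the rules to expand.
    [ -n "$list" ] || { echo "no addresses for $name" >&2; return 1; }
    printf '%s=%s\n' "$name" "$list"
}

# Constructed sample input: a CNAME line, then the two addresses from the thread.
printf 'mail.example.net.\n206.124.128.86\n206.124.128.85\n' | params_line MAIL_HOSTS
```

A non-zero exit status means no usable address came back, so a caller can keep the previous params file instead of restarting the firewall with an empty host list.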