[Shorewall-users] Ways to get around DNS names in rules

Shawn Wright swright at sls.bc.ca
Wed Mar 9 11:44:34 PST 2005


I'm re-reading the section on DNS names in the Shorewall docs:

"I personally recommend strongly against using DNS names in 
Shorewall configuration files. If you use DNS names and you 
are called out of bed at 2:00AM because Shorewall won't start 
as a result of DNS problems then don't say that you were not 
forewarned."

Having been stung by this a few times over the years, I'm 
wondering if anyone has come up with a solution to this 
problem. Perhaps a conditional include file which will perform 
the lookups, and just ignore the rule if the DNS lookup fails?

Just wondering if someone has a creative solution to the 
problem. Otherwise, I'll probably just convert the names to IPs 
by hand, then list the names in a comment. 



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright at sls.bc.ca
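
One way to build the kind of include file the post asks about, as an added example that is not part of the original message or of Shorewall itself: names are resolved ahead of time, and a name that fails to resolve produces a comment instead of a rule, so a DNS outage cannot stop the firewall from starting. The input format ("name proto port"), the zone names `net` and `fw`, and the use of `getent` as the resolver are assumptions.

```shell
#!/bin/sh
# Added example: pre-resolve host names into a rules fragment for Shorewall.
# Assumptions: zones are named "net" and "fw"; input lines are "name proto port".

# Resolve one name to its first IPv4 address; prints nothing on failure.
# Uses getent (glibc); swap in another resolver if preferred.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Accept only a dotted-quad shape, so resolver garbage never reaches a rule.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Read "name proto port" lines on stdin; write one ACCEPT rule per name that
# resolves, preceded by a comment recording the name. A failed lookup yields
# only a comment, so the missing rule fails closed and is easy to spot.
gen_rules() {
    while read -r name proto port; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        ip=$(resolve_ipv4 "$name")
        if is_ipv4 "$ip"; then
            printf '# %s\n' "$name"
            printf 'ACCEPT\tnet:%s\tfw\t%s\t%s\n' "$ip" "$proto" "$port"
        else
            printf '# SKIPPED %s: lookup failed\n' "$name"
            echo "warning: $name did not resolve, rule omitted" >&2
        fi
    done
}
```

Run `gen_rules` on the name list before the firewall starts and save its output as the include file; the warnings on stderr show which rules were left out.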



