[Shorewall-users] Ways to get around DNS names in rules

Shawn Wright swright at sls.bc.ca
Wed Mar 9 11:44:34 PST 2005

I'm re-reading the section on DNS names in the Shorewall docs:

"I personally recommend strongly against using DNS names in 
Shorewall configuration files. If you use DNS names and you 
are called out of bed at 2:00AM because Shorewall won't start 
as a result of DNS problems then don't say that you were not 

Having been stung by this a few times over the years, I'm 
wondering if anyone has come up with a solution to this 
problem. Perhaps a conditional include file which will perform 
the lookups, and just ignore the rule if the DNS lookup fails?

Just wondering if someone has a creative solution to the 
problem. Otherwise, I'll probably just convert the names to IPs 
by hand, then list the names in a comment. 

Shawn Wright, I.T. Manager
Shawnigan Lake School
swright at sls.bc.ca
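
Added example, not part of the original post and not Shorewall code: one way to do the lookups ahead of time, so that a failed lookup drops a single rule instead of keeping the firewall from starting, with the name kept in a trailing comment. The `@hostname@` placeholder syntax and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not Shorewall code). Expands @hostname@ placeholders, a
# convention assumed here, into one rule per resolved IPv4 address.

# Print the IPv4 addresses of $1, one per line; fail if there are none.
# getent is the glibc tool; swap in another resolver if needed.
resolve_name() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }' | sort -u | grep .
}

# Read rule templates on stdin, write expanded rules on stdout.
expand_rules() {
    while IFS= read -r line; do
        case $line in
            "#"*)  keep=1 ;;   # comments pass through untouched
            *@*@*) keep=0 ;;   # contains a @hostname@ placeholder
            *)     keep=1 ;;   # plain rule, nothing to resolve
        esac
        if [ "$keep" = 1 ]; then
            printf '%s\n' "$line"
            continue
        fi
        prefix=${line%%@*}                  # text before the first @
        host=${line#*@}; host=${host%%@*}   # text between the two @
        suffix=${line#*@*@}                 # text after the second @
        ips=
        case $host in
            ""|*[!A-Za-z0-9.-]*) ;;         # not a hostname: do not look it up
            *) ips=$(resolve_name "$host") || ips= ;;
        esac
        if [ -z "$ips" ]; then
            # Lookup failed: drop this rule only, keep it visible as a comment.
            echo "warning: no address for '$host', rule skipped" >&2
            printf '# SKIPPED (no address for %s): %s\n' "$host" "$line"
            continue
        fi
        for ip in $ips; do
            case $ip in *[!0-9.]*) continue ;; esac   # accept IPv4 text only
            printf '%s%s%s # %s\n' "$prefix" "$ip" "$suffix" "$host"
        done
    done
}
```

Typical use would be `expand_rules < rules.in > rules.generated` (both file names hypothetical), run before Shorewall starts. The addresses in the output are a snapshot from generation time, so the script has to be re-run when the DNS records change.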
