Re: iptables -d fqdn instead of IP




On Thu, Oct 29, 2009 at 17:12, Robert Spangler <mlists@xxxxxxxxxxxxxxxx> wrote:
> On Wednesday 28 October 2009 16:44, Marcus Moeller wrote:
>
>>  does it work to define iptables rules with a fqdn as destination
>>  instead of an IP address? Or is it useful to resolve the name first
>>  using e.g. nslookup, writing the result to a variable which is then
>>  used within the -d statement?
>
> Best bet is to stay with the address.

No offense, Robert, but I don't think yours is a very helpful
statement. When someone asks about alternative web servers, do we just
tell them "Best bet is to stay with Apache"? That's just an opaque
personal prejudice, and it doesn't give the guy asking the question
any new or helpful information.

I can definitely think of cases where using FQDNs is a better choice,
and I have some examples from my own personal experience. So I don't
believe that you can say there is a "best" method, for all situations.
You might be ignorant of the applicable use cases, but that doesn't
mean they don't exist.

Marcus can weigh the pros and cons of both methods, for his particular
case, and make an informed choice.

-Ryan
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

