Re: iptables -d fqdn instead of IP




Hi again.

>>  and I have some examples from my own personal experience. So I don't
>>  believe that you can say there is a "best" method, for all situations.
>
> Yes I can.  Host information can be spoofed.  So can IP Addresses.  Here is
> the point you are missing, if he is going to connect to your system then he
> is going to do it via IP address not using his FQDN and the network could
> care less about FQDN.  Packets are not routed using FQDN; they are routed via
> IP Address and MACs.  So while FQDN is an option it is not as reliable as
> the IP Address.  So what are you going to do now, a reverse lookup?  How often
> do they match what you are looking for these days?  Not often.
>
> You can always create a packet that says you are this or that but without the
> true IP address you'll never get a response which means you will never get
> connected.

I agree on that and it's the reason why I finally decided not to use FQDNs.

Thank you both for the detailed explanation :)

Best Regards
Marcus
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

