On Sat, Mar 22, 2014 at 02:59:20AM +0100, Lennart Poettering wrote: > No, firewalls don't do DNS-based filtering, since it's a security nightmare. Lennart, this isn't true as a general statement. Both Juniper and Cisco firewalls support FQDN-based access rules. Looks like Palo Alto Networks too although I have not used those. Of course, this doesn't demonstrate that it's a good idea, just that it is actually something people use and which there is demand for. If anything, though, I think this makes me less concerned about deprecating tcp_wrappers since people can find equivalent functionality elsewhere if they want it. (And, I think you could do it on Linux with dnsmasq's ipset functionality if you really wanted to.) -- Matthew Miller -- Fedora Project -- <mattdm@xxxxxxxxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
