Re: [PATCH iptables]: xtables: tolerate DNS lookup failures

On Friday 2025-03-07 16:24, Guido Trentalancia wrote:

>Of course, if the DNS is not available the "evil hacker" rule is
>skipped when this patch is merged.
>
>However the drawbacks of not applying this patch are far worse, because
>if the DNS is not available and some rules in the table contain domain
>names, then all rules are skipped and the operation is aborted even for
>numeric IP addresses and resolvable names.

A silent/ignored error is much worse than an explicit error;
the latter you can at least test for, scripting or otherwise.



