RE: IP Vs DNS


 




On Wed, 12 Oct 2005, Anthony Sadler wrote:

Perhaps instead of reloading the whole table, why not just reload the particular rule?
E.g.:

1. Ping www.name.com, dump IP into 1st file. Grep should help you here.
2. Pick up IP from 1st file and use it to write rule.

3. Ping www.name.com, dump IP into 2nd file.
4. Pick up IP from 2nd file and insert new rules.
5. Using 1st file, delete rules that correspond to 2nd IP.

6. Ping www.name.com, dump IP into 1st file.
7. Pick up IP from 1st file and use it to write rule.
8. Using 2nd file, delete rules that correspond to 2nd IP.

You should be able to kick off steps 1, 2 yourself, then have scripts do steps 3-5 and 6-8. That way you should limit your downtime and processor usage.


As /dev/rob pointed out, for those sites that do change on a regular basis, it might well work to script up and cron the first few steps with a tap fired off to the admin that a change has been noted and to fire off the second round that affects the FW rule sets in question. Of course the question then is, does that mean that in even scripting through these steps might they miss the next change of IPs entirely...


I think this is a good alternative, and if scripted correctly might save time and CPU cycles, but if done by hand certainly might work for the opposite. Still, and I'm perhaps missing something, I'm trying to understand why, with a multi-hosted site, someone might want to push all their packets at a particular system and undo the load balancing and such that the site operator(s) put in place to ease congestion on their systems?

Thanks,


Ron DuFresne
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
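
The two-file rotation from steps 1-8 above, as an added example that is not part of the original thread: it compares an old and a new snapshot of resolved addresses and prints only the iptables commands that differ, inserts first and deletes second, and refuses to act when the new snapshot is empty (a failed lookup would otherwise remove every rule). The chain, target, function names and file paths are assumptions, and `getent` is used for the lookup in place of ping and grep.

```shell
#!/bin/sh
# Added example, not from the thread. CHAIN/TARGET are assumed rule details.
CHAIN="${CHAIN:-OUTPUT}"
TARGET="${TARGET:-ACCEPT}"

# Keep only lines shaped like a dotted quad, sorted and de-duplicated, so no
# other resolver output can end up on an iptables command line.
clean_ips() {
    grep -Ex '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" 2>/dev/null | sort -u
}

# Steps 1, 3, 6: write the current A records for a name to a file.
# getent (glibc) stands in for the ping + grep of the thread; needs DNS.
snapshot() {    # usage: snapshot www.name.com /var/tmp/name.new
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u > "$2"
}

# Steps 4-5 and 7-8: print the commands that move the rules from the old
# snapshot to the new one. Inserts are printed before deletes so there is
# never a moment with no rule for the name.
plan_rule_update() {    # usage: plan_rule_update OLD_FILE NEW_FILE
    old_ips=$(clean_ips "$1")
    new_ips=$(clean_ips "$2")
    # A failed lookup leaves an empty snapshot: refuse, keep the old rules.
    if [ -z "$new_ips" ]; then
        echo "no valid address in $2; rules left untouched" >&2
        return 1
    fi
    for ip in $new_ips; do
        printf '%s\n' "$old_ips" | grep -Fxq "$ip" ||
            echo "iptables -I $CHAIN -d $ip -j $TARGET"
    done
    for ip in $old_ips; do
        printf '%s\n' "$new_ips" | grep -Fxq "$ip" ||
            echo "iptables -D $CHAIN -d $ip -j $TARGET"
    done
}

# Constructed sample data (documentation address ranges), run with "demo".
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    printf '192.0.2.10\n192.0.2.11\n' > "$d/old"
    printf '192.0.2.11\n198.51.100.7\n' > "$d/new"
    plan_rule_update "$d/old" "$d/new"
    rm -rf "$d"
fi
```

From cron, the printed commands would be reviewed or piped to a root shell, after which the new snapshot replaces the old one for the next run.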

