Hello,

I'm being told by my PCI QSA that IPTables supports DNS Names in kernel. He is forcing me to use "DNS Names" in my "iptables-restore" formatted save file.

I am using a Fedora (FC2) based Firewall (with some updated packages to fix things)... it's quite old... (which they also don't like) using IPTables v1.2.9.

The problem is, IPTables only deals with "IP Addresses" in its structure and doesn't have "dynamic" IP resolution and only resolves on "runtime/load". Now if I use "iptables-save" the file format does NOT in fact use DNS and only dumps the IP Address.

What I need is the actual documentation that seems TERRIBLY hard to find on this very subject...

He is also claiming that other firewall solutions (aka Proprietary, aka Cisco) "dynamically" resolve rules... which I believe is incorrect, as well.

Please point me at some place I can find "authoritative" documentation for this situation for me to either "suck it up" or to give him direct docs for him to include in our Audit.

Thanks. Hopefully I have stated the issue well enough.

--
greg folkert - systems administration and support
web: donor.com
email: greg@xxxxxxxxx
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)

"If the only prayer you ever say in your entire life is thank you, it will be enough." -- Meister Eckhart
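The load-time behaviour raised in the message above (a hostname given to `-s` or `-d` is resolved once, when the rule is loaded, and the loaded rule then holds only the resulting IP address) can be checked for in a rules file. The following is an added example, not part of the original message or of netfilter: a Python check that lists every source or destination argument in an iptables-restore formatted file that is not an IP literal. The function names and the sample ruleset are constructed for illustration.

```python
import ipaddress
import shlex

# Options that take an address. iptables accepts a hostname here and
# resolves it once, when the rule is loaded.
ADDR_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

# Constructed sample in iptables-restore format (documentation addresses).
SAMPLE = """\
# constructed sample ruleset
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
-A INPUT -s mgmt.example.com -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 198.51.100.0/255.255.255.0 -d ! payments.example.net -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

def is_literal(spec):
    """True if spec is an IP address, optionally with /prefix or /netmask."""
    addr, _, mask = spec.partition("/")
    try:
        ipaddress.ip_address(addr)
        if mask:  # strict=False tolerates host bits, as iptables does
            ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return False
    return True

def find_hostname_rules(ruleset_text):
    """Return (line_no, option, value) for each address that is not a literal."""
    findings = []
    for no, line in enumerate(ruleset_text.splitlines(), 1):
        line = line.strip()
        # Skip blanks, comments, table headers (*filter), chain policies (:INPUT), COMMIT.
        if not line or line[0] in "#*:" or line == "COMMIT":
            continue
        tokens = shlex.split(line)
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ADDR_OPTS:
                continue
            val = tokens[i + 1]
            if val == "!" and i + 2 < len(tokens):  # older "-s ! addr" negation form
                val = tokens[i + 2]
            if not is_literal(val):
                findings.append((no, tok, val))
    return findings
```

Each reported rule is one whose effective address depends on what DNS returned at the moment the file was loaded, which is the property an auditor would need documented.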