 
 From:  "Lee Sharp" <leesharp at hal dash pc dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] logical name against IP address
 Date:  Thu, 27 Oct 2005 11:15:31 -0500
From: "Paul Taylor" <PaulTaylor at winn dash dixie dot com>

> If you are referring to the firewall rules, you can create aliases,
> then use the alias name in your rules.  The advantage here is that if an
> IP address changes that you have multiple rules in place for, you can simply
> change the IP that the alias is pointing to...

> You can't simply use DNS names and expect the same behavior...  I
> mean, in that case it might be possible that someone could poison your DNS
> and have your rules allowing things you don't intend.

There is always a balance of security and convenience.  An example I use is 
a car.  If you want to make sure your car isn't stolen, put it up on blocks, 
and remove the wheels.  The problem is that it makes for a not very useful 
car. :-)  I think a switch (with a warning) allowing the use of FQDN would 
be a good thing.  There are times I would have liked it.

                        Lee
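The trade-off discussed in this thread, as an added example that is not part of the original post nor m0n0wall's own code: a small Python model of alias-based rules beside FQDN-based rules. Aliases are expanded from a table the administrator controls, so changing one alias updates every rule that references it. FQDN targets are resolved through a lookup function that stands in for DNS; the model pins the addresses seen at load time and reports, rather than silently applies, any later answer that falls outside that set. All names, addresses and the `lookup` callback are constructed for the example.

```python
"""Alias rules versus FQDN rules, as a constructed model (not m0n0wall code)."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    dst: str     # alias name, FQDN, or literal address/network
    port: int


def is_literal(target):
    """True if target is an IP address or network literal."""
    try:
        ipaddress.ip_network(target, strict=False)
        return True
    except ValueError:
        return False


def expand_aliases(rules, aliases):
    """Replace alias names with their configured addresses.

    Returns (action, target, port) tuples. Targets that are not aliases
    (literals or FQDNs) are passed through unchanged.
    """
    expanded = []
    for rule in rules:
        for target in aliases.get(rule.dst, [rule.dst]):
            expanded.append((rule.action, target, rule.port))
    return expanded


def resolve_fqdns(expanded, lookup, pinned):
    """Resolve FQDN targets with lookup(name) -> set of address strings.

    'pinned' maps name -> addresses seen when the rule set was first loaded.
    Addresses in a later answer that are not pinned are returned as
    suspicious and are NOT turned into rules; only pinned addresses apply.
    """
    applied, suspicious = [], []
    for action, target, port in expanded:
        if is_literal(target):
            applied.append((action, target, port))
            continue
        answers = set(lookup(target))
        known = pinned.setdefault(target, set(answers))
        unexpected = answers - known
        if unexpected:
            suspicious.append((target, sorted(unexpected)))
        for addr in sorted(answers & known):
            applied.append((action, addr, port))
    return applied, suspicious


# Constructed configuration and resolver answers (documentation ranges only).
ALIASES = {"mailservers": ["192.0.2.10", "192.0.2.11"]}
RULES = [
    Rule("pass", "mailservers", 25),
    Rule("pass", "updates.example.net", 443),
]
GOOD_ANSWER = {"updates.example.net": {"198.51.100.5"}}
# A later answer that adds an address the administrator never approved.
CHANGED_ANSWER = {"updates.example.net": {"198.51.100.5", "203.0.113.66"}}


def demo():
    """Load rules once, then re-resolve after the DNS answer changes."""
    expanded = expand_aliases(RULES, ALIASES)
    pinned = {}
    first, flagged_first = resolve_fqdns(expanded, lambda n: GOOD_ANSWER[n], pinned)
    second, flagged_second = resolve_fqdns(expanded, lambda n: CHANGED_ANSWER[n], pinned)
    return first, flagged_first, second, flagged_second


if __name__ == "__main__":
    first, f1, second, f2 = demo()
    print("initial rules:", first)
    print("after DNS change, rules:", second)
    print("flagged for review:", f2)
```

Changing the alias table (for example pointing `mailservers` at a new address) rewrites every rule that uses it in one place, which is the convenience Paul describes; the pinned set is one way to get the FQDN convenience Lee asks for while keeping an unexpected resolver answer from widening the rule set unnoticed.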