[CentOS] iptables -d fqdn instead of IP

Marcus Moeller mail at marcus-moeller.de
Sun Nov 1 07:55:14 UTC 2009


Hi again.

>>  and I have some examples from my own personal experience. So I don't
>>  believe that you can say there is a "best" method, for all situations.
>
> Yes I can.  Host information can be spoofed.  So can IP Addresses.  Here is
> the point you are missing, if he is going to connect to your system then he
> is going to do it via IP address not using his FQDN and the network could
> care less about FQDN.  Packets are not routed using FQDN they are routed via
> IP Address and Mac's.  So while FQDN is an option it is not as reliable as
> the IP Address.  So what are you going to do now a reverse lookup?  How often
> do they match what you are looking for these days?  Not often.
>
> You can always create a packet that says you are this or that but without the
> true IP address you'll never get a response which means you will never get
> connected.

I agree on that, and it's the reason why I finally decided not to use FQDNs.

Thank you both for the detailed explanation :)

Best Regards
Marcus
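The point made in the quoted reply is that iptables never matches on a name: when a rule is given with `-d <fqdn>`, the name is resolved once, at insertion time, and what lands in the ruleset is one rule per address returned. The example below is added here as an illustration and is not code from the thread or from the iptables project. It emulates that resolve-at-load behaviour and then checks the loaded rules against a later DNS answer, which is the drift a defender would want to detect before a name-based rule silently stops covering the host it was written for. The hostname, addresses and the two resolver tables are constructed sample values; `system_resolver` is the real-world path via `socket.getaddrinfo`.

```python
import socket
from typing import Callable, Dict, Iterable, List, Set, Tuple

Resolver = Callable[[str], List[str]]

# Constructed sample DNS answers standing in for what a resolver returned
# when the rules were loaded and what it returns some time later.
DNS_AT_LOAD_TIME: Dict[str, List[str]] = {
    "mail.example.net": ["192.0.2.10", "192.0.2.11"],
}
DNS_LATER: Dict[str, List[str]] = {
    "mail.example.net": ["192.0.2.10", "198.51.100.7"],
}


def make_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Build an offline resolver from a name -> addresses table (test double)."""
    def resolve(host: str) -> List[str]:
        return sorted(table[host])
    return resolve


def system_resolver(host: str) -> List[str]:
    """Resolve via the OS resolver (IPv4 only), as iptables itself does."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET)
    return sorted({ai[4][0] for ai in infos})


def render_rules(host: str, resolve: Resolver,
                 chain: str = "OUTPUT", target: str = "ACCEPT") -> List[str]:
    """Emulate `iptables -A <chain> -d <host> -j <target>`: the name is
    resolved once and one rule per returned address is stored."""
    return [f"-A {chain} -d {ip}/32 -j {target}" for ip in resolve(host)]


def addresses_in_rules(rules: Iterable[str]) -> Set[str]:
    """Extract the destination addresses from rules in `iptables -S` format."""
    found: Set[str] = set()
    for rule in rules:
        tokens = rule.split()
        if "-d" in tokens:
            addr = tokens[tokens.index("-d") + 1]
            found.add(addr.split("/")[0])   # drop the /32 mask
    return found


def drift(rules: Iterable[str], host: str,
          resolve: Resolver) -> Tuple[Set[str], Set[str]]:
    """Compare loaded rules with the current DNS answer for `host`.
    Returns (stale, missing): addresses still in the ruleset that DNS no
    longer returns, and addresses DNS now returns that have no rule."""
    loaded = addresses_in_rules(rules)
    current = set(resolve(host))
    return loaded - current, current - loaded


if __name__ == "__main__":
    host = "mail.example.net"
    rules = render_rules(host, make_resolver(DNS_AT_LOAD_TIME))
    print("\n".join(rules))
    stale, missing = drift(rules, host, make_resolver(DNS_LATER))
    print("stale rules for:", sorted(stale))
    print("no rule for    :", sorted(missing))
```

Running it shows two `/32` rules at load time and, against the later answer, one stale address (`192.0.2.11`) and one uncovered address (`198.51.100.7`). With `system_resolver` in place of the table-backed resolver, the same `drift` check can be run periodically against `iptables -S` output to catch name-based rules that have gone stale.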