[CentOS] iptables -d fqdn instead of IP
mail at marcus-moeller.de
Sun Nov 1 07:55:14 UTC 2009
>> and I have some examples from my own personal experience. So I don't
>> believe that you can say there is a "best" method, for all situations.
> Yes I can. Host information can be spoofed. So can IP addresses. Here is
> the point you are missing: if he is going to connect to your system then he
> is going to do it via IP address, not using his FQDN, and the network could
> care less about FQDN. Packets are not routed using FQDN; they are routed via
> IP address and MACs. So while FQDN is an option, it is not as reliable as
> the IP address. So what are you going to do now, a reverse lookup? How often
> do they match what you are looking for these days? Not often.
> You can always create a packet that says you are this or that but without the
> true IP address you'll never get a response which means you will never get
I agree on that and it's the reason why I finally decided not to use FQDNs.
Thank you both for the detailed explanation :)