[CentOS] iptables -d fqdn instead of IP
Marcus Moeller
mail at marcus-moeller.deSun Nov 1 07:55:14 UTC 2009
- Previous message: [CentOS] Keeping iptables in sync across multiple machines
- Next message: [CentOS] Problem mounting CIFS shares with credential file after SAMBA update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi again. >> and I have some examples from my own personal experience. So I don't >> believe that you can say there is a "best" method, for all situations. > > Yes I can. Host information can be spoofed. So can IP Addresses. Here is > the point you are missing, if he is going to connect to your system then he > is going to do it via IP address not using his FQDN and the network could > care less about FQDN. Packets are not routed using FQDN they are routed via > IP Address and Mac's. So while FQDN is an option it is not as reliable as > the IP Address. So what are you going to do now a reverse lookup? How often > do they match what you are looking for these days? Not often. > > You can always create a packet that says you are this or that but without the > true IP address you'll never get a response which means you will never get > connected. I agree on that and it's the reason why I finally decided not to use fqdns. Thank you both for the detailed explanation :) Best Regards Marcus
- Previous message: [CentOS] Keeping iptables in sync across multiple machines
- Next message: [CentOS] Problem mounting CIFS shares with credential file after SAMBA update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list