[CentOS] iptables -d fqdn instead of IP
Robert Spangler
mlists at zoominternet.net
Fri Oct 30 21:36:56 UTC 2009
On Thursday 29 October 2009 19:57, Ryan Lynch wrote:
> No offense, Robert, but I don't think yours is a very helpful
> statement.

I think it is about time you get off my back!

> When someone asks about alternative web servers, do we just
> tell them "Best bet is to stay with Apache"? That's just an opaque
> personal prejudice, and it doesn't give the guy asking the question
> any new or helpful information.

It was an opinion and yes there were other replies that told him what he
needed to know. Don't assume I don't know anything.

> I can definitely think of cases where using FQDNs is a better choice,

Please do explain. On second thought never mind because I am really not
interested.

> and I have some examples from my own personal experience. So I don't
> believe that you can say there is a "best" method, for all situations.

Yes I can. Host information can be spoofed. So can IP Addresses. Here is
the point you are missing, if he is going to connect to your system then he
is going to do it via IP address not using his FQDN and the network could
care less about FQDN. Packets are not routed using FQDN they are routed via
IP Address and MACs. So while FQDN is an option it is not as reliable as
the IP Address. So what are you going to do now a reverse lookup? How often
do they match what you are looking for these days? Not often.

You can always create a packet that says you are this or that but without the
true IP address you'll never get a response which means you will never get
connected.

> You might be ignorant of the applicable use cases, but that doesn't
> mean they don't exist.

Ahh yes, you understand everyone's problem and have the perfect solution.
Please excuse me old wise one. What an @ss.

Do not bother to respond on the list as you are just wasting everyone's time.

--
Regards
Robert
Linux User #296285
http://counter.li.org