[CentOS] iptables -d fqdn instead of IP

Robert Spangler mlists at zoominternet.net
Fri Oct 30 21:36:56 UTC 2009


On Thursday 29 October 2009 19:57, Ryan Lynch wrote:

>  No offense, Robert, but I don't think yours is a very helpful
>  statement. 

I think it is about time you get off my back!

>  When someone asks about alternative web servers, do we just 
>  tell them "Best bet is to stay with Apache"? That's just an opaque
>  personal prejudice, and it doesn't give the guy asking the question
>  any new or helpful information.

It was an opinion and yes there were other replies that told him what he 
needed to know.  Don't assume I don't know anything.

>  I can definitely think of cases where using FQDNs is a better choice,

Please do explain.  On second thought never mind because I am really not 
interested.

>  and I have some examples from my own personal experience. So I don't
>  believe that you can say there is a "best" method, for all situations.

Yes I can.  Host information can be spoofed.  So can IP Addresses.  Here is 
the point you are missing, if he is going to connect to your system then he 
is going to do it via IP address not using his FQDN and the network could 
care less about FQDN.  Packets are not routed using FQDN they are routed via 
IP Address and Mac's.  So while FQDN is an option it is not as reliable as 
the IP Address.  So what are you going to do now a reverse lookup?  How often 
do they match what you are looking for these days?  Not often.

You can always create a packet that says you are this or that but without the 
true IP address you'll never get a response which means you will never get 
connected.

>  You might be ignorant of the applicable use cases, but that doesn't
>  mean they don't exist.

Ahh yes, you understand everyone problem and have the perfect solution.  
Please excuse me old wise one.  What an @ss.

Do not bother to respond on the list as you are just wasting everyones time.


-- 

Regards
Robert

Linux User #296285
http://counter.li.org



More information about the CentOS mailing list