Re: blocklistd: How to keep my dynamic IP from getting blocked
On Sat, Apr 03, 2021 at 06:02:03PM +0530, Mayuresh wrote:
> > BTW does blacklistd.conf accept hostname instead of IP, which I can
> > manipulate in /etc/hosts?
> PS: I mean, I tried that way but it didn't work (hostname with /etc/hosts
> entry didn't work, IP did). Wondering whether it's supposed to be that
Firewalls (and many other security-related configs) in general
require you to state everything in terms of fixed addresses and
not (DNS-dependent) hostnames, for good reasons:
- There is a chicken and egg problem: the fw system needs working
DNS in order to insert rules; the DNS needs a working fw in order
to resolve names.
- It would be / is expensive to continuously update rules and
re-resolve symbolic hostnames while the firewall is running.
Because DNS name resolution is cache-dependent, it also leads
to ill-defined behaviour. You usually do not want that with
- Where the DNS is under external control, your rules suddenly refer
to addresses under external control. Again, you do not want that.
I understand that you are trying to use a hostname in /etc/hosts
well under your local control and locally resolvable. I'm not
surprised though that bl[oa]cklistd requires strictly numeric
addresses, because of the reasons above.