Re: Proposed Improvements to NPF

To: Rhialto <rhialto%falu.nl@localhost>
Subject: Re: Proposed Improvements to NPF
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Sat, 07 Jun 2025 10:00:49 -0400

Rhialto <rhialto%falu.nl@localhost> writes:

> On Sat 07 Jun 2025 at 06:52:55 -0400, Greg Troxel wrote:
>> Josh Moyer <JMoyer%nodomain.net@localhost> writes:
>> 
>> > 3: DNS hostname lookup support.  (Is this a bad idea from a remote
>> > firewall rule manipulation attack type of perspective?)
>> 
>> (I agree with Edgar's chicken/egg comment.)
>
> Maybe Josh doesn't literally mean DNS lookup but just name lookup in
> general. That can also work with /etc/hosts or whatever else in
> /etc/nsswitch.conf that doesn't need to access the network before it has
> been set up.

Maybe, but to me the point is to accomodate a known host at a new
address.   We'll see what Josh says....

Follow-Ups:
- RE: Proposed Improvements to NPF
  - From: Josh Moyer

References:
- Proposed Improvements to NPF
  - From: Josh Moyer
- Re: Proposed Improvements to NPF
  - From: Greg Troxel
- Re: Proposed Improvements to NPF
  - From: Rhialto

Prev by Date: Re: Proposed Improvements to NPF
Next by Date: RE: Proposed Improvements to NPF
Previous by Thread: Re: Proposed Improvements to NPF
Next by Thread: RE: Proposed Improvements to NPF
Indexes:

Home | Main Index | Thread Index | Old Index