Hi Boris Am 09.07.2015 um 18:13 schrieb Boris:
Hej LEAF-user,no troubles since years (thank you all!!) but now I found a new phenomen and do not know how to handle - hope to find some help in here.... I'm running an older leaf box as router and firewall (3.1) and use a name-based rule in shorewall to filter some stuff, something like ACCEPT loc net:www.gmx.de all
AFAIK this notation has been deprecated a long time ago. See http://shorewall.net/configuration_file_basics.htm#dnsnames
Now some weeks ago, the service from www.gmx.de (this is an example!) became unstable at the client and I finally found out that the IP behind the name www.gmx.de changes from time to time. Also, nslookup tells me something about a 'canonical name' which I didn't realize at other hosts:
So you may have run into the above. Solutions....You could try to assemble a list of IP addresses for the service you want to access. I would not recommend that.
Better you should use rules for specific services, allow those services unrestricted or to a group of addresses you trust.
cheers Erich
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Don't Limit Your Business. Reach for the Cloud. GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business. Configured For All Businesses. Start Your Cloud Today. https://www.gigenetcloud.com/
------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/