Leslie Jensen <[EMAIL PROTECTED]> writes: >> With DNS names? That's likely to be your problem. > > Oh, I didn't know that! Can you tell me how to handle this?
The problem is that this makes your ruleset load dependent on working name resolution, which may not be available at the time rc starts pf and loads your rule set. > The problem is these hosts are not fixed IP's so they use no-ip > (http://www.no-ip.com/) to provide a fixed address. That doesn't make things any easier, unfortunately. I'd say by all means define the table, but wait until somewhere in your rc.local to fill in those addresses (say, with a script that checks if each name resolves, then adds the returned addresses to the table). Brittle, but with a fighting chance of working. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
