Bill Shirley has contributed a PHP program that will populate an IPSET from DNS. The program is available at:
http://www.shorewall.org/pub/shorewall/contrib/DNSLookup/
ftp://ftp.shorewall.org/pub/shorewall/contrib/DNSLookup/
The program arguments are documented in the program source.
It is suggested that the program be run periodically via cron. The
program accepts an argument that sets the timeout value for entries in
the ipset. In most applications, setting the timeout to be considerably
longer than the DNS entries' TTL is recommended. That way, sites that
specify a short TTL and advertise a large number of addresses with short
TTLs in round-robin fashon will still fully populate the ipset over time.
Thanks to Bill for this contribution!
-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
