Actually right, resolving at each startup makes the firewall vulnerable to DNS spoofing.
OTOH it's a nice feature to be able to write down domain names. So, the two stages may be improved. The lower-stage firehol start/stop scripts could always just dump/restore the rules (resolved IPs), to make sure the firewall is up even on resolve errors. The stage-two script (when an interface comes up) rechecks whether the config file (possibly containing domains) still creates the same rules (with IPs). If there are differences, notify/warn the admin if the config file has not been changed.

--
https://bugs.launchpad.net/bugs/490317
Title: start script fails with upstart (if config requires DNS resolv)
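
The stage-two recheck proposed in the comment above, as an added shell example (not FireHOL's code and not part of the original comment). It assumes both rule dumps are in iptables-save format; `normalize_rules`, `rules_drift`, `demo` and all file names are hypothetical, and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example. Assumption: both dumps are in iptables-save format.

# Drop what changes between dumps without changing policy:
# comment lines (they carry timestamps) and packet/byte counters.
normalize_rules() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g' "$1"
}

# rules_drift SAVED_DUMP FRESH_DUMP CONFIG
#   0  fresh rules match the saved (restored) rules
#   1  rules differ and CONFIG is newer than SAVED_DUMP (admin edited it)
#   2  rules differ but CONFIG is unchanged: a name in the config now
#      resolves to a different address, so warn the admin
rules_drift() {
    saved=$1; fresh=$2; config=$3
    tmp_a=$(mktemp) && tmp_b=$(mktemp) || return 3
    normalize_rules "$saved" >"$tmp_a"
    normalize_rules "$fresh" >"$tmp_b"
    if cmp -s "$tmp_a" "$tmp_b"; then
        drift_rc=0
    elif [ "$config" -nt "$saved" ]; then
        drift_rc=1
    else
        drift_rc=2
        echo "WARNING: $config unchanged, but it now resolves to different rules:" >&2
        diff "$tmp_a" "$tmp_b" >&2 || true
    fi
    rm -f "$tmp_a" "$tmp_b"
    return "$drift_rc"
}

# Constructed sample: the fresh dump carries a different source address
# for the same rule, and the config file is older than the saved dump.
demo() {
    d=$(mktemp -d) || return 3
    printf '%s\n' '*filter' ':INPUT DROP [10:800]' \
        '-A INPUT -s 192.0.2.10/32 -j ACCEPT' COMMIT >"$d/saved"
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -s 198.51.100.66/32 -j ACCEPT' COMMIT >"$d/fresh"
    : >"$d/conf"; touch -t 202001010000 "$d/conf"
    status=0; rules_drift "$d/saved" "$d/fresh" "$d/conf" || status=$?
    rm -rf "$d"
    echo "drift status: $status"
}
demo
```

The stage-one script keeps restoring the saved dump regardless of the result; status 2 only triggers the notification and never replaces the running rules on its own.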