Re: Proposed Improvements to NPF

To: Josh Moyer <JMoyer%nodomain.net@localhost>
Subject: Re: Proposed Improvements to NPF
From: Martin Husemann <martin%duskware.de@localhost>
Date: Sun, 8 Jun 2025 07:30:21 +0200

On Sat, Jun 07, 2025 at 08:52:56PM +0000, Josh Moyer wrote:
> As for "DNS lookups", I was thinking of using gethostbyname(3), Olaf, so I'm
> sure that nsswitch.conf would be honored.  Greg's use case reasonably
> matched my own, so I think we're all on the same page here.

Supporting those sounds fine (and it is admins repsonsibility to avoid
the deadlocks mentioned, i.e. not rely on an external DNS that is
blocked during initial load of the NPF configuration, e.g. by using
/etc/hosts entries for the relevant parts).

However, I wouldn't go as far as make host names fully dynamic, that
is: for hosts that might change their IPs during livetime of the NPF
configuration, do not even try to make NPF deal with this itself.
Instead use other mechanisms to force a reload of the (same/static) NPF
configuration at the proper times.

Martin

Follow-Ups:
- Re: Proposed Improvements to NPF
  - From: Greg Troxel

References:
- Proposed Improvements to NPF
  - From: Josh Moyer
- Re: Proposed Improvements to NPF
  - From: Greg Troxel
- Re: Proposed Improvements to NPF
  - From: Rhialto
- Re: Proposed Improvements to NPF
  - From: Greg Troxel
- RE: Proposed Improvements to NPF
  - From: Josh Moyer

Prev by Date: Re: Proposed Improvements to NPF
Next by Date: Re: Proposed Improvements to NPF
Previous by Thread: Re: Proposed Improvements to NPF
Next by Thread: Re: Proposed Improvements to NPF
Indexes:

Home | Main Index | Thread Index | Old Index