Re: Outgoing firewall and CNAMES

To: debian-user@lists.debian.org
Subject: Re: Outgoing firewall and CNAMES
From: Tom Grace <lists-in@deathbycomputers.co.uk>
Date: Sun, 16 Sep 2012 18:56:58 +0100
Message-id: <[🔎] 505612EA.90806@deathbycomputers.co.uk>
Reply-to: tom@deathbycomputers.co.uk
In-reply-to: <[🔎] 5050BF66.2050103@coffeehabit.net>
References: <[🔎] 5050BF66.2050103@coffeehabit.net>

On 12/09/12 17:59, Lists wrote:
> I use an outgoing policy of deny on webservers, and allow explicitely
> what I need them to connect to.  This has never posed a problem, until
> today.  I need to allow a website to pull in a feed from another site,
> hosted on amazon's elastic cloud thingy.  The problem is, the DNS name
> is a CNAME to a CNAME to a CNAME, like:
> 
> How do you guys deal with this kind of problem?

Generally, I've seen this solved using a whitelisting proxy on another
machine, rather than by using iptables.

Reply to:

References:
- Outgoing firewall and CNAMES
  - From: Lists <lists@coffeehabit.net>

Prev by Date: Re: Preseed for Wheezy - Multi-disk Alternative
Next by Date: Debian-live systems with encrypted live-media device - what do you specify for the live-media boot parameter?‏
Previous by thread: Outgoing firewall and CNAMES
Next by thread: ACPID stuck in an endless loop - prevents login
Index(es):
- Date
- Thread