Group: comp.os.linux.networking
From: David Brown
Date: Sunday, March 16, 2008 7:05 PM
Subject: Re: Using hostnames in iptables

D. Stussy wrote:
> "David Brown" wrote in message
> news:47dd77b4$0$8159$8404b019@news.wineasy.se...
>> If I write an iptables rule with a hostname, when is the hostname
>> resolved? For example:
>>
>> iptables -A INPUT -p tcp --src remoteoffice.company.com --dport 25 -j ACCEPT
>>
>> I believe that "remoteoffice.company.com" is resolved at the time the
>> "iptables" statement is executed, rather than being stored in the chain
>> as a hostname and resolved when packets are checked. Can anyone confirm
>> that?
>
> Correct. Resolved when the command is loaded.
>
> Watch out for names that resolve to more than one address.
>

Thanks for confirming that for me. I'll only be using it for names that
I have control over and which will resolve to a single address. I
suppose that the most convenient way to update such rules when the ip
address changed would be to put them into a separate chain, which could
then be flushed and re-loaded without affecting other rules in the tables.

mvh.,

David
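The separate-chain approach described above, as an added shell example that is not from the thread: the chain name FROM_REMOTE, the helper names and the use of getent are assumptions, and the hostname is the placeholder from the post. Because the name is resolved only when the rule is loaded, the script regenerates the chain from a fresh lookup and refuses to rebuild it when the name resolves to zero or several addresses, which is the caveat raised in the reply.

```shell
#!/bin/sh
# Added example (not from the original thread). Keeps the hostname-based
# rules in their own chain so they can be flushed and rebuilt when the
# address changes, without touching the rest of INPUT.
# Assumptions: chain name and hostname are placeholders; run as root.

CHAIN="FROM_REMOTE"
HOST="remoteoffice.company.com"   # placeholder hostname from the post

# Resolve a hostname to its IPv4 addresses, one per line (glibc getent).
resolve_host() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print the iptables commands that rebuild the chain for the current
# address. Refuses if the name resolves to 0 or more than 1 address,
# since a rule loaded from such a name silently pins only one of them.
build_rules() {
    host="$1"; chain="$2"
    addrs=$(resolve_host "$host")
    count=$(printf '%s\n' "$addrs" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "refusing: $host resolved to $count addresses" >&2
        return 1
    fi
    ip=$(printf '%s\n' "$addrs" | head -n 1)
    printf 'iptables -F %s\n' "$chain"
    printf 'iptables -A %s -p tcp --src %s --dport 25 -j ACCEPT\n' "$chain" "$ip"
}

# One-time setup: create the chain and hook it into INPUT. The -C check
# needs an iptables release that supports it; older ones must skip it.
setup_chain() {
    iptables -N "$1" 2>/dev/null || true
    iptables -C INPUT -j "$1" 2>/dev/null || iptables -I INPUT -j "$1"
}

# Reload: regenerate the chain's rules, applying them only when the
# lookup gave exactly one address (otherwise the old rules stay in place).
reload_rules() {
    cmds=$(build_rules "$HOST" "$CHAIN") || return 1
    printf '%s\n' "$cmds" | sh
}
```

Run setup_chain "$CHAIN" once, then reload_rules whenever the remote address changes (for example from cron).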