"David Brown"
news:47ddb5ae$0$8161$8404b019@news.wineasy.se...
> D. Stussy wrote:
> > "David Brown"
> > news:47dd77b4$0$8159$8404b019@news.wineasy.se...
> >> If I write an iptables rule with a hostname, when is the hostname
> >> resolved? For example:
> >>
> >> iptables -A INPUT -p tcp --src remoteoffice.company.com --dport 25 -j ACCEPT
> >>
> >> I believe that "remoteoffice.company.com" is resolved at the time the
> >> "iptables" statement is executed, rather than being stored in the chain
> >> as a hostname and resolved when packets are checked. Can anyone confirm
> >> that?
> >
> > Correct. Resolved when the command is loaded.
> >
> > Watch out for names that resolve to more than one address.
>
> Thanks for confirming that for me. I'll only be using it for names that
> I have control over and which will resolve to a single address. I
> suppose that the most convenient way to update such rules when the ip
> address changed would be to put them into a separate chain, which could
> then be flushed and re-loaded without affecting other rules in the tables.
If you're using a script to set up multiple rules for your own server, it's
better to use iptables-restore than individual iptables lines.
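The combination the two posters arrive at (hostname rules in their own chain, reloaded via iptables-restore rather than one iptables call per rule) as an added example; this is not code from either poster. It assumes a user chain named HOSTRULES that the static ruleset jumps to once (for example with `iptables -A INPUT -j HOSTRULES`), keeps port 25 from the thread's example, and relies on `iptables-restore -n` (no flush) so that only the declared chain is rebuilt. Because a name can resolve to several addresses, one rule is emitted per address, and the generator refuses to produce output when resolution yields nothing, so a failed lookup never leaves the chain empty.

```shell
#!/bin/sh
# Added example, not from the thread: regenerate a dedicated chain of
# hostname-derived rules without touching the rest of the ruleset.
# Assumptions: chain name HOSTRULES; the static ruleset already contains
#   iptables -A INPUT -j HOSTRULES
# The fragment rendered below is loaded with:  iptables-restore -n

# Resolve a hostname to its current IPv4 addresses, one per line.
# A name may legitimately map to several addresses; all are returned.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Render an iptables-restore fragment that rebuilds HOSTRULES from scratch.
# $1 = hostname (recorded in a rule comment for later audit), $2... = addresses.
# Emits nothing and returns 1 when no address is supplied, so a resolution
# failure cannot flush the chain and silently drop the remote office's access.
render_host_chain() {
    host=$1
    shift
    if [ $# -eq 0 ]; then
        echo "render_host_chain: no addresses for $host, chain left untouched" >&2
        return 1
    fi
    printf '%s\n' '*filter'
    printf '%s\n' ':HOSTRULES - [0:0]'
    printf '%s\n' '-F HOSTRULES'
    for ip in "$@"; do
        printf '%s\n' "-A HOSTRULES -p tcp -s $ip --dport 25 -m comment --comment \"$host\" -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Resolve and load in one step; used when the script is run as: refresh <host>
refresh_host_chain() {
    addrs=$(resolve_v4 "$1") || return 1
    # shellcheck disable=SC2086  # splitting $addrs into one argument per line is intended
    render_host_chain "$1" $addrs | iptables-restore -n
}

if [ "${1:-}" = "refresh" ] && [ -n "${2:-}" ]; then
    refresh_host_chain "$2"
fi
```

Run it from cron or a DNS-change hook as `./refresh-hostrules.sh refresh remoteoffice.company.com`; `render_host_chain` can also be called on its own with fixed addresses to inspect the fragment before loading it. The rule comment (`-m comment`) lets `iptables -L HOSTRULES -n` show which hostname each address came from, which matters once the name and the stored address have drifted apart.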