[CentOS] IPTABLES don't solve name HOST - CENTOS 4.3

Aleksandar Milivojevic alex at milivojevic.org
Mon Jul 10 19:23:40 UTC 2006


Quoting Ryan <ryanag at zoominternet.net>:

> On Saturday 08 July 2006 1:25 pm, Aleksandar Milivojevic wrote:
>> Said all this, as manual page says, using host names with iptables is
>> a really bad idea.  You never know what you are going to get.
>
> The same is true of IP addresses. Blocking an IP address can block many
> domain names since hosting providers sometimes do name-based hosting.

You are still going to end up blocking the IP address.  The (user
space) iptables command will resolve the host name to an IP address.
You'll end up with exactly the same rule whether you used the host
name directly or the IP address.  The only difference is, in the latter
case you know exactly what the rule is going to be.  When configuring
a firewall, you do want to be exact.

-- 
See Ya' later, alligator!
http://www.8-P.ca/
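
Added example, not part of the original message: a shell sketch of the point above. It resolves the name once in user space, prints the explicit per-address rules for review, and later checks whether the name still resolves to the pinned addresses. The function names, the host blocked.example and the INPUT/DROP rule shape are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed helper names: resolve_v4, pinned_rules, drift.

# Resolve a host name to its IPv4 addresses, one per line, sorted and unique.
# getent goes through the system resolver (hosts file, DNS) in user space.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print one explicit DROP rule per address the name resolves to right now.
# Nothing is applied: review the output, then keep it in the firewall script.
pinned_rules() {
    host=$1
    addrs=$(resolve_v4 "$host")
    [ -n "$addrs" ] || { echo "cannot resolve $host" >&2; return 2; }
    echo "# $host, resolved when these rules were generated"
    for ip in $addrs; do
        echo "iptables -A INPUT -s $ip -j DROP"
    done
}

# Compare a pinned address file (one address per line) with the current
# resolution. Prints "+addr" for addresses that are new and "-addr" for
# pinned addresses that are gone; returns 1 when the two sets differ.
drift() {
    host=$1; pinned=$2
    now=$(resolve_v4 "$host")
    [ -n "$now" ] || { echo "cannot resolve $host" >&2; return 2; }
    added=$(printf '%s\n' "$now" | grep -Fxv -f "$pinned" | sed 's/^/+/')
    gone=$(grep -Fxv -e "$now" "$pinned" | sed 's/^/-/')
    if [ -z "$added$gone" ]; then
        return 0
    fi
    printf '%s\n' $added $gone
    return 1
}

# Usage: sh pin.sh blocked.example   (placeholder host name)
if [ -n "${1:-}" ]; then
    pinned_rules "$1"
fi
```

A non-empty drift report means a rule written with the host name would now expand to different addresses than the ones that were reviewed.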