[CentOS] IPTABLES don't solve name HOST - CENTOS 4.3

Adam Gibson agibson at ptm.com
Tue Jul 11 20:48:58 UTC 2006


Ryan wrote:
> On Saturday 08 July 2006 10:06 am, Jason Bradley Nance wrote:
>>> iptables -A FORWARD -d chatenabled.mail.google.com -j DROP
>> IPTABLES doesn't filter based on hostname.  You would need some special
>> module (assuming it exists) and it for sure isn't part of RHEL/CentOS.
>>
> 
> Are you sure about this?
> 
> I have had no problem creating rules by hostname, although I've only used the 
> front ends shorewall and firestarter on CentOS.

Yea it does work.  What would really be handy though would be if 
iptables would resolve the hostnames internally and adhere to the TTL 
records.  Then it would look up the address again when the TTL expires. 
This would allow you to set a hostname and know that it would eventually 
get updated when the DNS record changes.  Currently you have to re-run 
the iptables rules any time the DNS changes.  DNS can be spoofed and 
taken over in other ways so this would not be for everyone but for some 
uses it would come in very handy.
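The re-resolve-on-TTL-expiry behaviour described above can be scripted outside iptables. What follows is an added example, not code from this thread or from any CentOS package: a POSIX shell watcher that resolves the host with dig, rebuilds a dedicated chain only when the set of A records actually changes, and sleeps for the lowest TTL in the answer before looking again. It assumes dig (bind-utils) and iptables are installed, that it runs as root, and that the chain name FWD_DNSBLOCK is free; that chain name, the MIN_TTL floor and the `--run` flag are choices made here, not anything from the list. The hostname is the one from the original rule.

```shell
#!/bin/sh
# Added example (not from the CentOS thread): keep a hostname-based iptables
# DROP rule in sync with DNS by re-resolving when the record's TTL expires.
# Assumptions: dig and iptables are installed, this runs as root, and
# FWD_DNSBLOCK is a hypothetical dedicated chain created here so reloading
# never touches the other FORWARD rules.

BLOCK_HOST="${BLOCK_HOST:-chatenabled.mail.google.com}"  # host from the thread
CHAIN="FWD_DNSBLOCK"                                      # hypothetical chain
MIN_TTL=60                                                # never poll faster

# parse_answer: read "dig +noall +answer" output on stdin and print the
# A-record addresses sorted and de-duplicated (CNAME lines are skipped).
parse_answer() {
    awk '$4 == "A" { print $5 }' | sort -u
}

# min_ttl: read the same dig output and print the smallest TTL among the
# A records, raised to MIN_TTL; prints MIN_TTL when no A record came back.
min_ttl() {
    awk -v floor="$MIN_TTL" '
        $4 == "A" && (min == "" || $2 + 0 < min) { min = $2 + 0 }
        END { if (min == "" || min < floor) min = floor; print min }'
}

# addrs_changed OLD NEW: succeed (exit 0) when the two sorted lists differ.
addrs_changed() {
    [ "$1" != "$2" ]
}

# setup_chain: create the dedicated chain once and hook it into FORWARD.
# Delete-then-insert is used instead of "iptables -C", which older
# iptables releases (such as the CentOS 4 era ones) do not have.
setup_chain() {
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -D FORWARD -j "$CHAIN" 2>/dev/null || true
    iptables -I FORWARD -j "$CHAIN"
}

# apply_rules ADDRS: refill the dedicated chain so it DROPs every address.
apply_rules() {
    iptables -F "$CHAIN"
    for a in $1; do
        iptables -A "$CHAIN" -d "$a" -j DROP
    done
}

# watch_loop: resolve, reload only when the address set changed, then sleep
# until the TTL runs out and repeat. An empty answer keeps the old rules in
# place rather than silently flushing the block.
watch_loop() {
    setup_chain
    prev=""
    while :; do
        answer=$(dig +noall +answer "$BLOCK_HOST" A)
        cur=$(printf '%s\n' "$answer" | parse_answer)
        ttl=$(printf '%s\n' "$answer" | min_ttl)
        if [ -z "$cur" ]; then
            echo "no A records for $BLOCK_HOST; keeping previous rules" >&2
        elif addrs_changed "$prev" "$cur"; then
            apply_rules "$cur"
            prev=$cur
        fi
        sleep "$ttl"
    done
}

# Only touch the firewall when invoked explicitly, e.g. "sh dnsblock.sh --run".
if [ "${1-}" = "--run" ]; then
    watch_loop
fi
```

Two points worth knowing before relying on it: the flush-and-refill in apply_rules leaves a window of a few milliseconds where the chain is empty, so for a rule that must never lapse build a second chain and swap the jump instead; and, as the post says, the whole scheme is only as trustworthy as the resolver feeding dig, so point the box at a resolver you control rather than whatever DHCP hands out.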

