On Fri, 2007-12-21 at 13:03 -0800, Kenneth Porter wrote:
> On Thursday, December 20, 2007 5:30 PM -0500 "William L. Maltby" <CentOS4Bill@triad.rr.com> wrote:
> > > iptables -A OUTPUT -d torrent.centos.org -p tcp --dport 6969 -j DROP
> > Thanks Kenneth. IIRC, I can use the IP to avoid DNS resolution and do it faster? Yep just did "man ..." and see that.
> The iptables command stores the resolved IP in the kernel. So the DNS lookup is done once when you install the rule, not each time a packet is passed through the rule.
> If you read the rules back out with "iptables -L -n" or iptables-save, you'll see the raw IP.
Yeah. As normal, *after* I posted I remembered that from some very early and brief work with it (or was it ipchains?). I also remembered how to delete a specific rule (or was that in ipchains too?).
Anyway, I got the needed pointers. After I do some personal stuff this weekend, I plan to hit it.
<snip sig stuff>
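
Added example, not part of the original thread: because the hostname is resolved once at install time, a rule like the one above stays pinned to the old address if the name later moves. The sketch below compares iptables-save output against the name's current addresses; the function names are hypothetical and the sample rules use constructed documentation-range addresses.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (192.0.2.x are documentation
# addresses, not the real tracker).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 6969 -j DROP
-A OUTPUT -d 192.0.2.11/32 -p tcp -m tcp --dport 6969 -j DROP
-A OUTPUT -d 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# rule_drift PORT ADDR...
# Reads iptables-save text on stdin. ADDR... is what the hostname resolves to
# now. Prints "stale IP" for OUTPUT rules on PORT whose stored -d address is
# no longer current, and "uncovered IP" for current addresses with no rule.
# The rule target (-j) is not inspected.
rule_drift() {
    port=$1; shift
    awk -v port="$port" -v current="$*" '
        BEGIN { n = split(current, cur, " ")
                for (i = 1; i <= n; i++) now[cur[i]] = 1 }
        $1 == "-A" && $2 == "OUTPUT" {
            dst = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d")      dst   = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            sub(/\/32$/, "", dst)            # iptables-save prints hosts as a.b.c.d/32
            if (dst == "" || dport != port) next
            have[dst] = 1
            if (!(dst in now)) print "stale " dst
        }
        END { for (i = 1; i <= n; i++)
                  if (!(cur[i] in have)) print "uncovered " cur[i] }'
}

# Demo on the constructed sample: the name now resolves to .10 and .12.
sample_rules | rule_drift 6969 192.0.2.10 192.0.2.12
```

On a live host, run as root, the equivalent call would be: iptables-save | rule_drift 6969 $(getent ahostsv4 torrent.centos.org | awk '{print $1}' | sort -u)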