Ryan wrote:
> On Saturday 08 July 2006 10:06 am, Jason Bradley Nance wrote:
>>> iptables -A FORWARD -d chatenabled.mail.google.com -j DROP
>> IPTABLES doesn't filter based on hostname. You would need some special
>> module (assuming it exists) and it for sure isn't part of RHEL/CentOS.
>>
>
> Are you sure about this?
>
> I have had no problem creating rules by hostname, although I've only used the
> front ends shorewall and firestarter on CentOS.

Yeah, it does work. What would really be handy, though, would be if iptables would resolve the hostnames internally and adhere to the TTL records. Then it would look up the address again when the TTL expires. This would allow you to set a hostname and know that it would eventually get updated when the DNS record changes. Currently you have to re-run the iptables rules any time the DNS changes. DNS can be spoofed and taken over in other ways, so this would not be for everyone, but for some uses it would come in very handy.
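The workaround the reply describes (re-running the hostname rule whenever DNS changes) as a worked example, added here and not from the list thread or from iptables itself. The function names (`resolve_ipv4`, `plan_rule_changes`, `refresh`) and the state-file path are this example's own choices. It re-resolves the hostname through the system resolver, compares the result with the address set last installed, and only on a difference emits the `iptables` commands, inserting rules for new addresses before deleting stale ones so the destination is never left uncovered. `getaddrinfo` exposes no TTL, so this is meant to run from cron on a fixed interval rather than on TTL expiry; a failed or empty lookup leaves the installed rules untouched, which is the conservative choice given the DNS-spoofing caveat raised above.

```python
#!/usr/bin/env python3
"""Added example (not from the list thread): keep hostname-based iptables
DROP rules in sync with DNS by re-resolving on a fixed polling interval.
Function names and the state-file path are this example's own choices."""
import ipaddress
import json
import socket
import subprocess
import sys
from typing import List, Set

HOSTNAME = "chatenabled.mail.google.com"  # hostname from the thread's rule
CHAIN = "FORWARD"
STATE_FILE = "/var/lib/dns-rules/chatenabled.json"  # hypothetical path


def resolve_ipv4(hostname: str) -> Set[str]:
    """Return every IPv4 address the system resolver gives for hostname.
    getaddrinfo exposes no TTL, so the caller polls on a schedule instead."""
    addrs: Set[str] = set()
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
        hostname, None, socket.AF_INET, socket.SOCK_STREAM
    ):
        addrs.add(sockaddr[0])
    return addrs


def plan_rule_changes(installed: Set[str], resolved: Set[str],
                      chain: str = CHAIN) -> List[List[str]]:
    """Compute the iptables argv lists that move the firewall from the
    currently installed address set to the freshly resolved one.
    Inserts come before deletes so the destination is never uncovered."""
    for addr in installed | resolved:
        if ipaddress.ip_address(addr).version != 4:  # reject garbage early
            raise ValueError(f"not an IPv4 address: {addr}")
    cmds: List[List[str]] = []
    for addr in sorted(resolved - installed, key=ipaddress.IPv4Address):
        cmds.append(["iptables", "-I", chain, "-d", addr, "-j", "DROP"])
    for addr in sorted(installed - resolved, key=ipaddress.IPv4Address):
        cmds.append(["iptables", "-D", chain, "-d", addr, "-j", "DROP"])
    return cmds


def load_state(path: str) -> Set[str]:
    """Addresses for which rules are currently installed (empty on first run)."""
    try:
        with open(path) as fh:
            return set(json.load(fh))
    except FileNotFoundError:
        return set()


def save_state(path: str, addrs: Set[str]) -> None:
    with open(path, "w") as fh:
        json.dump(sorted(addrs), fh)


def refresh(hostname: str, state_path: str, apply: bool) -> List[List[str]]:
    """One polling cycle. Returns the commands it planned and runs them only
    when apply is True. A failed or empty lookup changes nothing, so a DNS
    outage never strips the existing DROP rules."""
    installed = load_state(state_path)
    try:
        resolved = resolve_ipv4(hostname)
    except socket.gaierror:
        return []
    if not resolved:
        return []
    cmds = plan_rule_changes(installed, resolved)
    if apply:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
        save_state(state_path, resolved)
    return cmds


if __name__ == "__main__":
    # Without --apply this is a dry run that only prints the planned commands.
    for cmd in refresh(HOSTNAME, STATE_FILE, "--apply" in sys.argv):
        print(" ".join(cmd))
```

Run it from cron as root with `--apply`; without the flag it prints what it would change. Because the state file records what was installed, a hostname whose record rotates between several addresses accumulates only the rules that are currently live, and rules for addresses that disappeared are removed rather than piling up.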