On Thursday, December 20, 2007 5:30 PM -0500 "William L. Maltby" <CentOS4Bill at triad.rr.com> wrote:

>> iptables -A OUTPUT -d torrent.centos.org -p tcp --dport 6969 -j DROP
>
> Thanks Kenneth. IIRC, I can use the IP to avoid DNS resolution and do it
> faster? Yep just did "man ..." and see that.

The iptables command stores the resolved IP in the kernel. So the DNS lookup is done once when you install the rule, not each time a packet is passed through the rule. If you read the rules back out with "iptables -L -n" or iptables-save, you'll see the raw IP.
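
Added example, not part of the original message: because the name is resolved only when the rule is installed, the rule keeps matching the old address if the hostname later resolves elsewhere. This script compares the destinations pinned in iptables-save output with the addresses a name resolves to now; the sample rules, the 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables-save output (192.0.2.0/24 is the
# documentation range, not the tracker's real addresses).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 6969 -j DROP
-A OUTPUT -d 192.0.2.11/32 -p tcp -m tcp --dport 6969 -j DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# pinned_dests PORT: read iptables-save text on stdin and print the
# destination IPs of OUTPUT DROP rules for that TCP port, one per line.
pinned_dests() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "OUTPUT" {
            dst = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d")      dst = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            sub(/\/32$/, "", dst)   # iptables-save prints hosts as a.b.c.d/32
            if (dst != "" && dport == port && target == "DROP") print dst
        }'
}

# unblocked_addrs PORT ADDR...: rules on stdin; print each ADDR (what the
# name resolves to now) that no pinned rule covers, i.e. is not dropped.
unblocked_addrs() {
    port="$1"; shift
    pinned="$(pinned_dests "$port")"
    for addr in "$@"; do
        printf '%s\n' "$pinned" | grep -qxF "$addr" || printf '%s\n' "$addr"
    done
}

# Real use (needs root and DNS), assuming getent is available:
#   iptables-save | unblocked_addrs 6969 \
#       $(getent ahosts torrent.centos.org | awk '{print $1}' | sort -u)
```

Any address it prints is one the hostname currently resolves to that the installed rules do not drop, which means the rule should be deleted and re-added to pick up the new resolution.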