On Fri, 2007-12-21 at 13:03 -0800, Kenneth Porter wrote:
> On Thursday, December 20, 2007 5:30 PM -0500 "William L. Maltby"
> <CentOS4Bill at triad.rr.com> wrote:
>
> >> iptables -A OUTPUT -d torrent.centos.org -p tcp --dport 6969 -j DROP
> >
> > Thanks Kenneth. IIRC, I can use the IP to avoid DNS resolution and do it
> > faster? Yep just did "man ..." and see that.
>
> The iptables command stores the resolved IP in the kernel. So the DNS
> lookup is done once when you install the rule, not each time a packet is
> passed through the rule.
>
> If you read the rules back out with "iptables -L -n" or iptables-save,
> you'll see the raw IP.

Yeah. As normal, *after* I posted I remembered that from some very early
and brief work with it (or was it ipchains?). I also remembered how to
delete a specific rule (or was that in ipchains too?).

Anyway, I got the needed pointers. After I do some personal stuff this
weekend, I plan to hit it.

> <snip sig stuff>

--
Bill