[CentOS] iptables -d fqdn instead of IP
mail-lists at karan.org
Thu Oct 29 12:00:07 UTC 2009
On 10/29/2009 10:29 AM, Vinicius Coque wrote:
>> does it work to define iptables rules with a fqdn as destination
>> instead of an IP address? Or is it useful to resolve the name first
>> using e.g. nslookup, writing the result to a variable which is then
>> used within the -d statement?
I guess that depends on what you are trying to achieve; AFAIK, iptables
will not hit DNS for each packet, and will only resolve at the time of table
/ policy creation.
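
An added example (not part of the original thread) of the resolve-first approach the question describes: the name is looked up once and one rule is emitted per address, so the loaded rules stay pinned to that answer until the script is run again. The hostname, chain and port in the usage comment are constructed sample values, and `resolve_v4`, `is_ipv4` and `build_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: resolve once, validate the answers, emit one rule per address.
# Usage (constructed sample values):
#   resolve_v4 www.example.org | build_rules www.example.org OUTPUT 443

# Print the IPv4 addresses a name resolves to right now, one per line.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Return 0 only for a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read addresses on stdin and print the iptables commands to be loaded.
# usage: build_rules <fqdn> <chain> <tcp-port>
build_rules() {
    fqdn=$1 chain=$2 port=$3 count=0
    while read -r addr; do
        [ -n "$addr" ] || continue
        # Resolver output is untrusted input: never paste it into a rule unchecked.
        if ! is_ipv4 "$addr"; then
            echo "refusing non-IPv4 resolver output: $addr" >&2
            return 1
        fi
        # The comment match records which name this pinned address came from.
        echo "iptables -A $chain -p tcp -d $addr --dport $port -m comment --comment \"$fqdn\" -j ACCEPT"
        count=$((count + 1))
    done
    # Fail closed: an empty answer must not turn into a rule set with no -d.
    [ "$count" -gt 0 ] || { echo "no addresses for $fqdn" >&2; return 1; }
}
```

The functions only print the commands, so the output can be reviewed or diffed against the previous run before it is loaded.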