[CentOS] iptables -d fqdn instead of IP

Thu Oct 29 23:57:46 UTC 2009
Ryan Lynch <ryan.b.lynch at gmail.com>

On Thu, Oct 29, 2009 at 17:12, Robert Spangler <mlists at zoominternet.net> wrote:
> On Wednesday 28 October 2009 16:44, Marcus Moeller wrote:
>
>>  does it work to define iptables rules with an FQDN as destination
>>  instead of an IP address? Or is it useful to resolve the name first
>>  using e.g. nslookup, writing the result to a variable which is then
>>  used within the -d statement?
>
> Best bet is to stay with the address.

No offense, Robert, but I don't think yours is a very helpful
statement. When someone asks about alternative web servers, do we just
tell them "Best bet is to stay with Apache"? That's just an opaque
personal prejudice, and it doesn't give the guy asking the question
any new or helpful information.

I can definitely think of cases where using FQDNs is a better choice,
and I have some examples from my own personal experience. So I don't
believe that you can say there is a "best" method, for all situations.
You might be ignorant of the applicable use cases, but that doesn't
mean they don't exist.

Marcus can weigh the pros and cons of both methods, for his particular
case, and make an informed choice.

-Ryan
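Added example (not part of the thread, not code from any of the posters) showing the resolve-first approach Marcus asks about. Two facts frame it: iptables does accept a hostname on -d/-s, but the iptables(8) man page states that hostnames are resolved once, before the rule is handed to the kernel, and the kernel only ever holds literal addresses (iptables-save shows IPs, never names); and a name with several A records produces one rule per address. So doing the lookup yourself loads the same rules as passing the name to -d, with the gain that you can validate the answers and re-run the step when the name's addresses change. The hostnames, addresses and the helper names (is_ipv4, resolve_ipv4, rules_for_name) are assumptions made up for the example; the two address lists are constructed stand-ins for resolver output, so the script runs offline and prints the rules instead of applying them.

```sh
#!/bin/sh
# Added example (not from the thread): resolve a name to IPv4 addresses first,
# then emit one iptables rule per address. iptables resolves a hostname given
# to -d/-s exactly once, at insertion time, so both approaches load the same
# rules; doing the lookup yourself lets you validate the answers and re-run
# the step when the name's addresses change.

# Constructed stand-in for resolver output (what `getent ahostsv4` or
# `dig +short A` would print for a name with three A records). Not a real lookup.
SAMPLE_ADDRS='203.0.113.10
203.0.113.11
198.51.100.7'

# Same, for a name that is a CNAME: `dig +short` prints the alias target
# before the addresses, and that line must never end up in a -d argument.
SAMPLE_CNAME_ADDRS='www.example.net.
198.51.100.7'

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _save_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_save_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Real lookup helper (hypothetical name; uses glibc's getent, present on
# CentOS). Prints each IPv4 address once. Not called below so the script runs
# offline; see the usage line at the bottom.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Emit one `iptables -A CHAIN -d ADDR ... -j ACCEPT` line per valid address.
# $1 hostname (kept in the rule comment so the IP can be traced back to it),
# $2 chain, $3 resolved addresses, one per line. Lines are printed, not run;
# anything that is not an IPv4 address is reported on stderr and skipped.
rules_for_name() {
    printf '%s\n' "$3" | while IFS= read -r _addr; do
        if is_ipv4 "$_addr"; then
            printf 'iptables -A %s -d %s -m comment --comment "%s" -j ACCEPT\n' \
                "$2" "$_addr" "$1"
        else
            printf 'skipping non-IPv4 answer for %s: %s\n' "$1" "$_addr" >&2
        fi
    done
}

# Demo run on the constructed data. To apply against a live lookup:
#   rules_for_name files.example.com OUTPUT "$(resolve_ipv4 files.example.com)" | sh
rules_for_name files.example.com OUTPUT "$SAMPLE_ADDRS"
```

Two caveats a practitioner should keep in mind with either method. First, the addresses are frozen at load time: if the remote host's address changes, the rule silently keeps matching the old one until the step is re-run (from cron, or by flushing and reloading the chain). Second, a plain DNS answer is not authenticated, which is why the iptables man page warns against resolving names with a remote query when loading rules: a spoofed answer at that moment puts an attacker's address into an ACCEPT rule, so the lookup should go through a resolver you trust, and the rule comment above gives you a way to audit which name produced which address afterwards.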