Fwd: iptables rule by domain name?
Allen
aef@prismnet.com
Mon, 4 Mar 2002 17:37:01 +0000
Guys,
What happens if you write a rule with a domain name
instead of an IP address?
Technically...
???
( Please do a reply-all )
-AEF
---------- Forwarded Message ----------
Subject: iptables rule by domain name?
Date: Mon, 4 Mar 2002 14:51:31 -0600
From: Phillip.Watts@nlynx.com
To: Allen <aef@prismnet.com>
Cc: linux@ctlug.org
Allen,
I have been told I'm going to have to do IP blocking by
domain name. I have a question which I haven't been
able to find the answer to.
If a rule is added like -s rlink.goofus.user -j DENY
would netfilter do the DNS lookup at the time the
rule was added or would it do a reverse DNS every time
a packet hit (surely not)?
This is a major performance question?
And if it's the former (I hope) what if the firewall didn't have DNS open
at the time the rule was added?
Thought you might have an idea. Thanx
-------------------------------------------------------
--
I don't use a keyboard anymore, my cat does all my typing for me...