Using DNS names when making iptables rules
Patrick Schaaf
bof@bof.de
Tue, 8 Jan 2002 22:03:10 +0100
> From: "Damien Dye" <damien@madwire.co.uk>
> > is it possible to write rules using the DNS names of the hosts instead of
> > the IP addresses
On Tue, Jan 08, 2002 at 12:38:18PM -0800, Bryan Hundven wrote:
> Of course, you just have to remember that each time a connection comes in,
> to match it must do a DNS lookup to verify (which takes some time).
> It is recommended to use IPs.
I am 100% sure that iptables does NOT do on-the-fly DNS lookups.
The names are looked up when the rule is loaded into the kernel
(i.e. the relevant iptables command is executed). In the kernel,
there are only IP addresses.
I have a cunning plan how to improve the situation, but I don't
know if it's really a good idea...
best regards
Patrick
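Since the name is resolved only when the rule is loaded, a name-based rule silently goes stale once the name's addresses change. The following shell script is an added example, not part of this thread: a constructed lookup table stands in for `getent ahosts`, `render_rules` expands a name-based rule into the per-address commands the kernel actually ends up with, and `rule_delta` computes the delete/add commands needed after a later re-resolution. Chain names, hostnames and addresses are made up.

```shell
#!/bin/sh
# Constructed stand-in for `getent ahosts NAME`: returns the addresses a
# name resolves to, one per line. Swap in a real lookup in production.
lookup_host() {
    case "$1" in
        mail.example.invalid) printf '%s\n' 192.0.2.10 192.0.2.11 ;;
        www.example.invalid)  printf '%s\n' 198.51.100.5 ;;
        *) return 1 ;;
    esac
}

# Emit one iptables command per resolved address. This is what
# `iptables -A CHAIN -s NAME -j TARGET` turns into at load time:
# the kernel never sees the name, only these addresses.
render_rules() {
    chain=$1; name=$2; target=$3
    lookup_host "$name" | sort -u | while read -r ip; do
        printf 'iptables -A %s -s %s -j %s\n' "$chain" "$ip" "$target"
    done
}

# Given the address set loaded earlier ($3) and the set the name resolves
# to now ($4), both space-separated, print the commands that bring the
# loaded rules back in sync: delete addresses that went away, add new ones.
rule_delta() {
    chain=$1; target=$2; old=$3; new=$4
    for ip in $old; do
        case " $new " in
            *" $ip "*) ;;
            *) printf 'iptables -D %s -s %s -j %s\n' "$chain" "$ip" "$target" ;;
        esac
    done
    for ip in $new; do
        case " $old " in
            *" $ip "*) ;;
            *) printf 'iptables -A %s -s %s -j %s\n' "$chain" "$ip" "$target" ;;
        esac
    done
}
```

Running `render_rules INPUT mail.example.invalid ACCEPT` prints the two per-address commands; feeding the old and newly resolved sets to `rule_delta` yields only the commands that differ, which is what a periodic refresh job would execute.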