iptables and DNS
Tue, 4 Jun 2002 20:34:29 +0100
I'm not sure if I've got the gist of this thread correctly, but I thought it
might be useful to point out the following, which may not be obvious:
If you create netfilter rules using hostnames, they get resolved once and
once only at the time the rule is entered (i.e. when you type it in, or when it
gets executed in a startup script), and from that point onwards, netfilter
internally uses the numeric value in the ruleset.
If you create netfilter rules using IP addresses, then of course it's clear
that these are the addresses being used in the rules, but internally
everything is just the same.
Do not think that netfilter is going to do a series of DNS lookups every time
a packet comes through and gets matched against a ruleset which you specified
using hostnames!
Hope that helps?
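One practical consequence of the point above is that a ruleset loaded from hostnames silently goes stale when the DNS record changes. The following is an added example, not code from the thread: it parses constructed `iptables -S` output, compares the frozen numeric sources against a stand-in resolver (a dict instead of a live lookup), and reports hosts whose current addresses no longer match any loaded rule. The hostnames and addresses are constructed.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# Constructed sample of `iptables -S INPUT` output. Rules that were loaded
# with hostnames appear only as the numeric addresses resolved at insert time.
LOADED_RULES = """\
-P INPUT DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -j ACCEPT
"""

# Hostnames the startup script used when the rules were loaded (assumed).
RULE_HOSTS = {"admin.example.net", "backup.example.net"}

# Stand-in for a live resolver (socket.getaddrinfo in practice): constructed
# answers, one of which has changed since the rules were loaded.
CURRENT_DNS: Dict[str, Set[str]] = {
    "admin.example.net": {"192.0.2.10"},
    "backup.example.net": {"198.51.100.8"},
}

# Positive "-s <prefix>" matches only; negated ("! -s") rules do not grant access.
_SRC = re.compile(r"^-A\s+\S+\s+-s\s+(\S+)")


def loaded_sources(rules: str) -> Set[str]:
    """Collect the source prefixes frozen into the loaded ruleset."""
    found: Set[str] = set()
    for line in rules.splitlines():
        m = _SRC.match(line)
        if m:
            found.add(str(ipaddress.ip_network(m.group(1), strict=False)))
    return found


def dns_drift(rules: str, hosts: Iterable[str],
              resolver: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Per host, list current addresses not covered by any loaded source rule."""
    nets = [ipaddress.ip_network(s) for s in loaded_sources(rules)]
    drift: Dict[str, List[str]] = {}
    for host in sorted(hosts):
        for addr in sorted(resolver.get(host, ())):
            ip = ipaddress.ip_address(addr)
            if not any(ip in n for n in nets):
                drift.setdefault(host, []).append(addr)
    return drift


if __name__ == "__main__":
    for host, addrs in dns_drift(LOADED_RULES, RULE_HOSTS, CURRENT_DNS).items():
        print(f"{host}: now resolves to {addrs}, not matched by loaded rules")
```

A non-empty result means the rules must be reloaded (or rewritten with fixed addresses) before the host will pass the filter again.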