Ryan wrote:
On Saturday 08 July 2006 10:06 am, Jason Bradley Nance wrote:
iptables -A FORWARD -d chatenabled.mail.google.com -j DROP
IPTABLES doesn't filter based on hostname. You would need some special
module (assuming it exists) and it for sure isn't part of RHEL/CentOS.
Are you sure about this?
I have had no problem creating rules by hostname, although I've only used the
front ends shorewall and firestarter on CentOS.
Yeah, it does work. What would really be handy though would be if
iptables would resolve the hostnames internally and adhere to the TTL
records. Then it would look up the address again when the TTL expires.
This would allow you to set a hostname and know that it would eventually
get updated when the DNS record changes. Currently you have to re-run
the iptables rules any time the DNS changes. DNS can be spoofed and
taken over in other ways so this would not be for everyone but for some
uses it would come in very handy.
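For anyone who wants the "re-run the rules when DNS changes" part automated today, here is an added example script (not from any poster in this thread). It relies on the behaviour discussed above: iptables resolves a hostname once, when the rule is inserted, and expands it into one rule per A record, so the only way to follow a changing record is to re-resolve and rebuild the rules. The script keeps the DROP rules in their own chain (assumed name BLOCK_HOST) so they can be flushed and rebuilt without touching the rest of FORWARD, remembers the last address set in a state file (assumed path under /var/lib/hostblock), and only touches iptables when the answer actually changed. It assumes `dig` and `iptables` are installed; run it as `sh hostblock.sh run` from cron at roughly the record's TTL. The address-filter and rule-builder pieces are pure functions so they can be checked with constructed resolver output, without a network or root.

```sh
#!/bin/sh
# Added example, not code from the mailing-list thread.
# Re-resolve a hostname and rebuild DROP rules for its current A records,
# because iptables itself only resolves a name at rule-insertion time.
# Assumed names: HOST, CHAIN and STATE below are placeholders/defaults.

HOST="${HOST:-chatenabled.mail.google.com}"   # hostname quoted in the thread
CHAIN="${CHAIN:-BLOCK_HOST}"                  # assumed dedicated chain name
STATE="${STATE:-/var/lib/hostblock/$HOST.addrs}"  # assumed state-file path

# filter_ipv4: read resolver output on stdin, keep only IPv4 addresses,
# sorted and unique. `dig +short` also prints CNAME targets, which must
# not end up in a -d match.
filter_ipv4() {
    grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# resolve_host NAME: current A records for NAME, one per line.
resolve_host() {
    dig +short A "$1" | filter_ipv4
}

# rules_for_addrs CHAIN ADDR...: print the iptables commands that flush CHAIN
# and add one DROP per address. Printing rather than executing keeps this
# testable without root.
rules_for_addrs() {
    chain=$1; shift
    echo "iptables -F $chain"
    for a in "$@"; do
        echo "iptables -A $chain -d $a -j DROP"
    done
}

# addrs_changed OLD NEW: succeed (exit 0) when the two address lists differ.
addrs_changed() {
    [ "$1" != "$2" ]
}

# refresh: resolve, compare with the saved set, rebuild rules only on change.
# An empty answer keeps the previous rules rather than silently unblocking.
refresh() {
    new=$(resolve_host "$HOST")
    if [ -z "$new" ]; then
        echo "no A records for $HOST; keeping existing rules" >&2
        return 1
    fi
    old=$(cat "$STATE" 2>/dev/null)
    if addrs_changed "$old" "$new"; then
        iptables -N "$CHAIN" 2>/dev/null || true
        # Hook the chain into FORWARD once; -L/-n output works on old releases.
        iptables -L FORWARD -n | grep -q "^$CHAIN " \
            || iptables -I FORWARD -j "$CHAIN"
        rules_for_addrs "$CHAIN" $new | while read -r cmd; do
            $cmd
        done
        mkdir -p "$(dirname "$STATE")"
        printf '%s\n' "$new" > "$STATE"
        echo "$HOST: rules rebuilt for $(echo "$new" | wc -l) address(es)"
    fi
}

# Only act when explicitly asked, so sourcing the file for tests is harmless.
if [ "${1:-}" = run ]; then
    refresh
fi
```

Caveat the thread already raises and the script does not remove: anything keyed on DNS answers trusts the resolver, so a spoofed or hijacked record changes what gets dropped. Where the set of addresses matters more than the name, pin the addresses instead.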
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos