Good morning,

man iptables says:

    -s, --source [!] address[/mask]
        Source specification. Address can be either a network name, a
        hostname (please note that specifying any name to be resolved
        with a remote query such as DNS is a really bad idea), a network
        IP address (with /mask), or a plain IP address. The mask can be
        either a network mask or a plain number, specifying the number
        of 1's at the left side of the network mask. Thus, a mask of 24
        is equivalent to 255.255.255.0. A "!" argument before the
        address specification inverts the sense of the address. The flag
        --src is an alias for this option.

The same goes for destination...

The question is: how is name resolution implemented?

Is userspace iptables resolving names into IPs and loading them into the kernel when I impart the command line, and then are they left as they are in the kernel?

If an IP address changes its value, maintaining the same name, is it necessary to reload the rule?

If a name has more than one IP address (the name has aliases), are all the IP addresses loaded into the rule? (As an example, www.google.com has three IPs.)

If yes, how can I see the numeric values in the iptables rule?

Thanks for the answer. Assumed that "a remote query such as DNS is a really bad idea", I am interested in the concept implementation.

Giacomo

--
Giacomo S.
http://www.giacomos.it

* April 2008: iqfire-wall, an open source project that implements a network packet filter for Linux, is available for download here: http://sourceforge.net/projects/ipfire-wall
* Information and official web page: http://www.giacomos.it/iqfire/index.html

Debian GNU/Linux -- The power of freedom
http://www.debian.org
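The `[!] address[/mask]` semantics from the man page excerpt quoted above, as an added example that is not part of the original message and is not iptables' own code. The names `src_spec`, `parse_src_spec` and `src_matches` are hypothetical; the parser accepts numeric IPv4 only and rejects names, so it shows the mask and inversion handling, not name resolution.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Parsed form of "[!] address[/mask]" (hypothetical struct, not iptables' own). */
struct src_spec {
    int invert;     /* 1 if a leading "!" was given */
    uint32_t addr;  /* network address, host byte order, already masked */
    uint32_t mask;  /* netmask, host byte order */
};

/* Returns 0 on success, -1 on malformed input. Names are rejected, not resolved. */
int parse_src_spec(const char *spec, struct src_spec *out)
{
    char buf[64], *slash, *end;
    struct in_addr a;

    out->invert = 0;
    while (*spec == ' ') spec++;
    if (*spec == '!') { out->invert = 1; spec++; }
    while (*spec == ' ') spec++;
    if (strlen(spec) >= sizeof(buf)) return -1;
    strcpy(buf, spec);

    out->mask = 0xFFFFFFFFu;                 /* plain IP address: all 32 bits */
    slash = strchr(buf, '/');
    if (slash) {
        *slash++ = '\0';
        if (strchr(slash, '.')) {            /* dotted network mask */
            if (inet_pton(AF_INET, slash, &a) != 1) return -1;
            out->mask = ntohl(a.s_addr);
        } else {                             /* plain number: count of leading 1 bits */
            long bits = strtol(slash, &end, 10);
            if (end == slash || *end != '\0' || bits < 0 || bits > 32) return -1;
            out->mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
        }
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    out->addr = ntohl(a.s_addr) & out->mask;
    return 0;
}

/* 1 if a packet source address (host byte order) is selected by the spec. */
int src_matches(const struct src_spec *s, uint32_t pkt_src)
{
    int hit = (pkt_src & s->mask) == s->addr;
    return s->invert ? !hit : hit;
}
```
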