On Thursday 22 January 2004 11:25 am, Technical wrote:

> -A RH-Firewall-1-INPUT -s *.*.myvwz.com -m state --state NEW -m tcp -p tcp
> --dport 110 -j ACCEPT

Netfilter does not operate by hostnames / network domains - it operates by IP addresses and network ranges.

Therefore if myvwz.com own a Class C range (or some other readily specified subnet), you can specify -s $RANGE/24 etc, but you can't do it by DNS domain.

Note that you *can* specify a hostname in an iptables rule, but it will get resolved as soon as the rule is entered, and then the IP address will be what netfilter actually uses internally - it won't get resolved again.

Regards,

Antony.

-- 
If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

Please reply to the list; please don't CC me.
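As an added example (not part of the original message or of any iptables tooling), the following script audits saved rules in the format of the quoted line and flags every `-s`/`-d` argument that is not a literal address or range: wildcard domains, which netfilter cannot match, and hostnames, which are resolved only once when the rule is entered. The sample rules, the host `mail.example.com` and the addresses are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the quoted rule plus three illustrative ones.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -s *.*.myvwz.com -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -s mail.example.com -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -s ! 198.51.100.7 -p tcp --dport 22 -j ACCEPT
"""

# iptables options that take a source or destination address.
ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}


def classify(value):
    """Return 'address', 'hostname' or 'wildcard' for one -s/-d argument."""
    if "*" in value or "?" in value:
        return "wildcard"  # DNS-domain patterns are not something netfilter matches
    try:
        # Accepts a single IP, CIDR (a.b.c.d/24) or dotted netmask notation.
        ipaddress.ip_network(value, strict=False)
        return "address"
    except ValueError:
        return "hostname"  # resolved once at rule entry, never again


def audit(rules_text):
    """Return (line_no, flag, value, kind) for each non-address argument."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        for i, tok in enumerate(tokens):
            if tok not in ADDR_FLAGS:
                continue
            j = i + 1
            if j < len(tokens) and tokens[j] == "!":  # old-style negation
                j += 1
            if j >= len(tokens):
                continue
            for value in tokens[j].split(","):  # comma-separated address lists
                kind = classify(value)
                if kind != "address":
                    findings.append((line_no, tok, value, kind))
    return findings


if __name__ == "__main__":
    for line_no, flag, value, kind in audit(SAMPLE_RULES):
        print(f"line {line_no}: {flag} {value} is a {kind}, not an IP address or range")
```
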