On Tue, 30 Aug 2005 05:58:09 -0700 (PDT) rockey dada <rockeydada@xxxxxxxxx> wrote:

> Is there any way one can use IPTABLES to filter traffic based on "Fully
> Qualified Domain Names".

not really. userspace tools can do dns-lookups when executed, but the rules inserted into the (kernelspace) netfilter will NEVER do any dns-lookups. (and i'm glad nobody even thought about implementing this :) ).

so /dev/rob0 is right: use proxies for this kind of filtering.

even if you rely on dns-lookups while creating the netfilter-rules you can't be sure you got ALL entries in a rr-dns record AND after inserting the rules you can't be sure the entries do not change. virtual
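
Added example, not part of the original message: a small Python check for the two gaps the reply names, comparing the addresses frozen into rules at insert time with the union of later DNS answers for the same round-robin name. The rule lines, the addresses (documentation range 192.0.2.0/24) and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed `iptables -S OUTPUT` lines: addresses captured when the rules were inserted.
SAVED_RULES = """\
-P OUTPUT DROP
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 192.0.2.11/32 -p tcp -m tcp --dport 443 -j ACCEPT
"""

# Constructed answers from three later lookups of the same round-robin name.
LATER_ANSWERS = [
    ["192.0.2.11", "192.0.2.12"],
    ["192.0.2.12", "192.0.2.11"],
    ["192.0.2.13", "192.0.2.11"],
]


def rule_destinations(rules_text):
    """Return the set of single-host addresses used as -d in appended rules."""
    dests = set()
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "-A":
            continue  # skip policy lines and blanks
        for flag, value in zip(tokens, tokens[1:]):
            if flag in ("-d", "--destination"):
                net = ipaddress.ip_network(value, strict=False)
                if net.num_addresses == 1:
                    dests.add(str(net.network_address))
    return dests


def drift(rules_text, answers):
    """Compare addresses frozen in the rules with the union of later DNS answers."""
    in_rules = rule_destinations(rules_text)
    in_dns = {str(ipaddress.ip_address(a)) for answer in answers for a in answer}
    return {
        # the rule still matches an address the name no longer resolves to
        "stale": sorted(in_rules - in_dns),
        # the name now resolves to an address that no rule matches
        "uncovered": sorted(in_dns - in_rules),
    }


if __name__ == "__main__":
    print(drift(SAVED_RULES, LATER_ANSWERS))
```

Running `drift` with only the first answer misses one of the uncovered addresses, which is the "can't be sure you got ALL entries" case for a single lookup.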