Re: IP Vs DNS (nfcan: addressed to exclusive sender for this address)


 



On 2005.10.11 17:04, Barry Fawthrop - barry@xxxxxxxxxxxxxxxxxx wrote:
> Greetings all
>
> With an IPTABLES ruleset you can specify an IP address to be allowed/blocked:
> iptables -A INPUT -s 12.12.12.12 -j ACCEPT
>
> But can this be done with a DNS name?
> iptables -A INPUT -s www.name.com -j ACCEPT

IPTABLES accepts DNS names, but the DNS lookup is performed
when the rule is placed in the kernel,
not when the rule is evaluated against a packet.
The kernel (netfilter) rules use IP addresses only.

To achieve what you want, I think you would have to
update the rule whenever the DNS mapping changed.


> Since 12.12.12.12 may be www.name.com, but it can also be
> 12.12.15.12 or 12.15.12.19.
> E.g. www.nasa.gov: this address varies depending on location and sometimes time of day. From a single point I can ping www.nasa.gov and get different IP addresses for it.
>
> Yet I would like to allow access, but preferably not to a whole range.
> Also, by allowing a DNS name, if a single IP address hosts many sites, can I be specific about the site?
>
>
> Thanks in advance
> B





--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list.
Only mail from the listserver reaches this address.
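Editor's note: the script below is an added example, not code from either poster. It implements Jim's suggestion of re-resolving the name and updating the kernel state whenever the mapping changes, but instead of rewriting iptables rules it keeps the current A records in an ipset that one fixed rule references, so the ruleset itself never churns. The script name, the set-name scheme and the cron interval are assumptions; it requires ipset and the iptables set match, and the apply step must run as root. It does not help with the second question: a packet filter only ever sees addresses, so name-based virtual hosts sharing one IP cannot be told apart here. Note also that for names like www.nasa.gov with location-dependent answers, the set only contains what the firewall host's resolver returns.

```bash
#!/usr/bin/env bash
# refresh-host-set.sh (hypothetical name): keep an ipset in sync with the
# current IPv4 A records of a hostname, then reference the set from a single
# iptables rule. Added example, not from the netfilter list thread.
# Requires: ipset, iptables with the "set" match, a working resolver.
set -eu

# Resolve a hostname to its IPv4 addresses, one per line, sorted and unique.
# `getent ahostsv4` prints "ADDR SOCKTYPE NAME" and repeats each address per
# socket type, so keep field 1 and dedupe.
resolve_v4() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u
}

# ipset_delta SETNAME OLD NEW
# OLD/NEW are newline-separated address lists. Prints the `ipset restore`
# batch that turns OLD into NEW: "add" lines for new addresses, "del" lines
# for stale ones. Pure text transformation (no root, no network), so it can
# be tested on its own.
ipset_delta() {
    local setname="$1" old new
    old=$(printf '%s\n' "$2" | sed '/^$/d' | sort -u)
    new=$(printf '%s\n' "$3" | sed '/^$/d' | sort -u)
    # An address that is only in NEW appears exactly once in NEW+OLD+OLD;
    # shared ones three times, OLD-only ones twice. `uniq -u` keeps singletons.
    printf '%s\n%s\n%s\n' "$new" "$old" "$old" | sed '/^$/d' | sort | uniq -u \
        | sed "s/^/add $setname /"
    printf '%s\n%s\n%s\n' "$old" "$new" "$new" | sed '/^$/d' | sort | uniq -u \
        | sed "s/^/del $setname /"
}

# sync_host_set HOSTNAME SETNAME
# Create the set if missing, diff its members against a fresh resolution,
# apply only the difference, and make sure the one ACCEPT rule exists.
sync_host_set() {
    local host="$1" setname="$2" current fresh delta
    ipset -exist create "$setname" hash:ip
    # Members follow the "Members:" header in `ipset list` output.
    current=$(ipset list "$setname" | sed -n '/^Members:/,$p' | tail -n +2)
    fresh=$(resolve_v4 "$host")
    if [ -z "$fresh" ]; then
        # A resolver outage must not empty the set and lock the peer out.
        echo "no A records for $host; leaving $setname unchanged" >&2
        return 1
    fi
    delta=$(ipset_delta "$setname" "$current" "$fresh")
    [ -n "$delta" ] && printf '%s\n' "$delta" | ipset restore
    # The rule references the set, so it is inserted once and never edited.
    iptables -C INPUT -m set --match-set "$setname" src -j ACCEPT 2>/dev/null \
        || iptables -I INPUT -m set --match-set "$setname" src -j ACCEPT
}

# Usage (as root, e.g. from cron every few minutes, at most once per DNS TTL):
#   refresh-host-set.sh www.name.com
if [ $# -ge 1 ]; then
    sync_host_set "$1" "allow_$(printf '%s' "$1" | tr '.' '_')"
fi
```

Because `ipset_delta` emits only the difference, a run where the answer has not changed applies nothing, and a run where the resolver fails leaves the old members in place rather than dropping all access. The cron period is a trade-off: shorter than the record's TTL wastes lookups, longer than it leaves a window where a newly published address is still rejected.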

