Dominic > I currently have an ISP that has multiple address ranges that > I wish to > accept in my iptables ruleset. Is it possible for me to use > the DNS Suffix > instead of the actual ip as they are currently dynamically > assigned. e.g. > iptables -s nsw.bigpond.net.au (current assigned address is > cpe-203-45-103-100.nsw.bigpond.net.au). dig -t ptr 254.127.45.203.in-addr.arpa 2 minutes with dig.. Tells me that Bigponds block for nsw is 203.45.64.0/18 CPE-203-45-64-0.nsw.bigpond.net.au. CPE-203-45-127-255.nsw.bigpond.net.au. Which is what you want but I'm not sure I'd want to let all the bots through my firewall John
