> That's a nice question, instead of the dynamic IP on the rule, > having a dynamic host on it like: > > Iptables -I INPUT -I eth0 -d myhost.dyndns.org -p tcp --dport 80 -j > ACCEPT > > When this run's, the rule will stay with the IP address that was > grabbed from the dynamic host, and when the IP changes, the rule > won't work anymore. > My question is, there's no way to make iptables to check always the > host instead of translation the host do IP on the rule apply stage? If iptables would have to perform a DNS lookup everytime a packet passes, I think it would be terribly slow and probably not usable for packetfiltering. Grts, Rob -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html