Re: blocking only https access

>Hi everyone,

Hi,

>I have read a lot here in the list and in other places that I SHOULD
>NOT use domain names in iptables, because it will result in a DNS
>request for every packet that reaches that rule.

Not really. The domain name is resolved at the time the rule is added to a
ruleset. Netfilter stores the destination address in numerical form.

You can use cron to restart the firewall every night or even every hour.
This would allow you to have the current server addresses in the
ruleset.

Cheers,
Marek Kierdelewicz
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
