Marek Kierdelewicz escreveu:
Hi everyone,
Hi,
I have readed a lot here in the list and in other places that i SHOULD
NOT use domain names in iptables, cause it will result in a dns
request to every packet that reachs that rule.
Not really. Domainname is resolved at the time of rule addition to a
ruleset. Netfilter stores the destination address in numerical form.
You can use CRON to restart firewall every night or even every hour.
This would allow you to have the current server addresses in a
ruleset.
Ok, tks Marek. I'll try this.
Cheers,
Marek Kierdelewicz
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
