Hi, my default network policy is to block all outgoing traffic and only allow certain packets to pass. For some users, I'd like to open up Google Mail (imap.gmail.com:993 and smtp.gmail.com:587). However, Google's DNS give randomly out different IPs per query. Sadly, they are not all located within a subnet, but vary in all parts of the address. If I want to have destination host based rules, how can I do this with iptables? My current idea is to run a cron job every few minutes to add the rules again with the changed IPs, but this sounds like an ugly workaround, and will clutter my user-defined chain heavily. Is there any other approach, other than opening up all traffic to 993 and 587? Thanks, Florian-- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
