From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jim Laurino
Subject: Re: IP Vs DNS (nfcan: addressed to exclusive sender for this address)
Date: Tue, 11 Oct 2005 19:10:30 -0400
Message-ID: <20051011231030.GA18418@salty>
References: <434C28FB.3000805@ttienterprises.org>
Reply-To: nfcan.x.jimlaur@dfgh.net
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Return-path:
Content-Disposition: inline
In-Reply-To: <434C28FB.3000805@ttienterprises.org> (from +nfcan+jimlaur+eb82a5d024.barry#ttienterprises.org@spamgourmet.com on Tue, Oct 11, 2005 at 17:04:59 -0400)
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; format="Flowed"; delsp="Yes"; charset="us-ascii"
To: netfilter@lists.netfilter.org

On 2005.10.11 17:04, Barry Fawthrop - barry@ttienterprises.org wrote:
> Greetings all
>
> with an IPTABLES ruleset you can specify an IP address to be allowed/blocked
> iptables INPUT -s 12.12.12.12 -j ALLOW
>
> But can this be done with a DNS name
> iptables INPUT -s www.name.com -j ALLOW

IPTABLES accepts DNS names, but the DNS lookup is performed
when the rule is placed in the kernel, not when the rule
is evaluated against a packet.
The kernel (netfilter) rules use ip address only.

To achieve what you want, I think you would have to
update the rule whenever the DNS mapping changed.

>
> since 12.12.12.12 may be www.name.com but it can also be
> 12.12.15.12 or 12.15.12.19
> eg www.nasa.gov this address does vary depending on location and sometimes
> time of day
> from a single point I can ping www.nasa.gov and get different IP addresses
> for it.
>
> Yet I would like to allow access but preferably not to a whole range.
> Also by allowing a DNS name then if a single IP addresses hosts many sites,
> I can be specific about the site?
>
>
> Thanks in advance
> B
>
>
>--
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.11.14/129 - Release Date: 10/11/2005
>
>
>

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
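
The reply above says the rule has to be updated whenever the DNS mapping changes. The script below is an added example of that (not part of the original message): it is meant to be run periodically and re-resolves a name, then adds and removes per-address ACCEPT rules in a dedicated chain. The chain name `DNS_ALLOW`, the host `www.example.com` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep a dedicated chain in step with a hostname's A records.
# Assumed names: chain DNS_ALLOW, host www.example.com (placeholders).
CHAIN="${CHAIN:-DNS_ALLOW}"
HOST="${HOST:-www.example.com}"

# Keep only dotted-quad tokens from stdin, de-duplicated, on one line.
normalize_ips() {
    tr ' ' '\n' | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u |
        tr '\n' ' ' | sed 's/ $//'
}

# Addresses the resolver returns for the name right now.
resolve_host() { getent ahostsv4 "$1" | awk '{print $1}' | normalize_ips; }

# Source addresses currently present in the chain (iptables -S prints a.b.c.d/32).
chain_ips() {
    iptables -S "$1" 2>/dev/null |
        sed -n 's/.* -s \([0-9.]*\)\/32 .*/\1/p' | normalize_ips
}

# in_list IP "space separated list": exact-token membership test.
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# plan_updates CHAIN "old ips" "new ips": print the commands that turn old into new.
plan_updates() {
    chain=$1
    old=$(printf '%s\n' "$2" | normalize_ips)
    new=$(printf '%s\n' "$3" | normalize_ips)
    # A failed or empty lookup must not delete the working rules.
    if [ -z "$new" ]; then
        echo "# lookup returned no addresses; leaving $chain unchanged"
        return 1
    fi
    for ip in $new; do   # additions first, so there is no gap in coverage
        in_list "$ip" "$old" || echo "iptables -A $chain -s $ip -j ACCEPT"
    done
    for ip in $old; do   # then drop addresses the name no longer maps to
        in_list "$ip" "$new" || echo "iptables -D $chain -s $ip -j ACCEPT"
    done
}

# "--apply" runs the plan as root; INPUT must already jump to $CHAIN.
if [ "${1:-}" = "--apply" ]; then
    iptables -N "$CHAIN" 2>/dev/null
    plan_updates "$CHAIN" "$(chain_ips "$CHAIN")" "$(resolve_host "$HOST")" | sh
fi
```

Between runs the chain still reflects the previous lookup, so the refresh interval should be no longer than the record's TTL.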