basic iptables question


When defining a network address, why do the iptables man pages say it's a
bad idea to use a domain name instead of an IP address?

Re: basic iptables question

Aussie Fred wrote:

One possible reason is that some domain names resolve to multiple
addresses. In such cases, iptables needs to know which of the IPs
provided to use, or whether to use all of them in some way.

Scriptable IpTables rules with "Rope"

Re: basic iptables question


Two possible reasons:

1) DNS may not be available at the time the iptables command
executes (often you want iptables to run before the interfaces
are up)

2) If you don't control the DNS of the name you are specifying,
the owner of the domain can spoof any IP he wants to get around
your rules


(try just my userid to email me)
see X- headers for PGP signature information
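
An added example, not part of the thread: a small Python check that flags host names given to `-s`/`-d` in an iptables rule script, the case the replies above warn about (multiple addresses, DNS unavailable when the command runs, DNS controlled by someone else). The sample script and its host names are constructed, and the function names are this example's own.

```python
import ipaddress
import shlex

# Options whose argument is an address, a network, or (the risky case) a name.
ADDRESS_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}


def is_literal(value):
    """True if value is an IPv4/IPv6 address or network, e.g. 10.0.0.0/8."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def find_hostnames(script_text):
    """Return (line_no, option, value) for each non-literal -s/-d argument."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), start=1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a line this check can parse
        if not tokens or not tokens[0].endswith(("iptables", "ip6tables")):
            continue
        for i, tok in enumerate(tokens[:-1]):
            if tok not in ADDRESS_OPTS:
                continue
            arg = tokens[i + 1]
            if arg == "!" and i + 2 < len(tokens):  # old "-s ! addr" form
                arg = tokens[i + 2]
            # iptables accepts a comma-separated list of addresses
            for value in arg.split(","):
                # Shell variables cannot be judged without running the script.
                if value.startswith("$") or is_literal(value):
                    continue
                findings.append((line_no, tok, value))
    return findings


# Constructed sample rule script; host names are placeholders.
SAMPLE = """\
#!/bin/sh
iptables -A INPUT -s 192.0.2.10 -j ACCEPT
iptables -A INPUT -s admin.example.com -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -d 198.51.100.0/24,mirror.example.net -j ACCEPT
ip6tables -A INPUT ! -s 2001:db8::/32 -j DROP
"""
```

Running `find_hostnames` over a boot-time firewall script before deploying it shows which rules depend on a DNS answer at load time, so those names can be replaced with fixed addresses.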
