On Tue, Sep 16, 2003 at 12:10:25PM +0200, Master_PE wrote:
> Hi,
>
> Is it possible with iptables to filter on a DNS name not an IP address?

In general, no. IPTables only sees the IP address of the packet; the DNS name is never passed on. HTTP 1.1 defines a mechanism for an HTTP client (such as a web browser) to tell an HTTP server which DNS name it requested, which allows things like Apache virtual hosting to work using only 1 IP address, but most protocols don't have anything similar. If you need to do filtering in iptables, you'll have to get multiple IP addresses.

--
HTH,
Farnz

