On Tue, Jun 04, 2002 at 10:41:58AM -0700, Brian Ugie wrote:
> Below is the hosts portion of nsswitch.conf. The actual hosts file is
> below that. I have also included the simple config that I am using for
> iptables. I have seen the -n option but it is not relevant for appending,
> inserting or replacing. It only applies to listing (output)

Er, unless I'm missing something, you're using hostnames in your IPTables rules, and then complaining that IPTables is resolving those hostnames?

Excuse me if this sounds obvious, but why not use IP addresses in the rule specifications? If you're worried about having to alter all the relevant rules if an IP address changes then just assign it to a variable...

#!/bin/sh -x
WEBSERVER="10.10.10.13"
iptables -A INPUT -p tcp -d $WEBSERVER --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d $WEBSERVER -j REJECT --reject-with tcp-reset

etc.

<snip>

-- 
FunkyJesus
System Administration Team
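The advice above, turned into a pre-load check (an added example, not part of the original message): the hypothetical `check_rules` function scans a rule script for `-s`/`-d` arguments that are not numeric IPv4 addresses, expanding simple `VAR="value"` assignments such as the `WEBSERVER` one. The `www.example.com` rule in the sample is constructed.

```shell
#!/bin/sh
# Added example. check_rules FILE prints "LINE: ARG" for each -s/-d argument
# that is not a numeric IPv4 address and returns 1 if any were found.
check_rules() {
    awk '
    function numeric(a) {   # IPv4 shape, optional /prefix or /netmask
        return a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9.]+)?$/
    }
    /^[A-Za-z_][A-Za-z0-9_]*=/ {   # remember VAR="value" assignments
        eq = index($0, "=")
        val = substr($0, eq + 1)
        gsub(/["\047]/, "", val)   # drop surrounding quotes
        vars[substr($0, 1, eq - 1)] = val
        next
    }
    $1 ~ /(^|\/)iptables$/ {
        for (i = 2; i < NF; i++) {
            if ($i !~ /^(-s|-d|--source|--destination|--src|--dst)$/) continue
            arg = $(i + 1)
            if (arg == "!") arg = $(i + 2)   # old-style negation: -s ! addr
            gsub(/["\047]/, "", arg)
            n = split(arg, parts, ",")       # iptables accepts addr,addr
            for (j = 1; j <= n; j++) {
                a = parts[j]
                if (a ~ /^\$/) {             # expand $VAR or ${VAR}
                    gsub(/[${}]/, "", a)
                    a = (a in vars) ? vars[a] : "$" a
                }
                if (!numeric(a)) { print NR ": " parts[j]; bad = 1 }
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

demo() {   # constructed sample rules; line 3 uses a hostname
    rules=$(mktemp)
    cat > "$rules" <<'EOF'
WEBSERVER="10.10.10.13"
iptables -A INPUT -p tcp -d $WEBSERVER --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d www.example.com --dport 80 -j ACCEPT
EOF
    check_rules "$rules"; rc=$?
    rm -f "$rules"
    return "$rc"
}

if [ $# -gt 0 ]; then check_rules "$1"; else demo || true; fi
```

Run it against the rule script before loading it, so a hostname never reaches iptables and no name lookup happens at load time.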
