On Tue, Jun 04, 2002 at 06:52:23PM +0100, Nick Drage wrote:
> On Tue, Jun 04, 2002 at 10:41:58AM -0700, Brian Ugie wrote:
> > Below is the hosts portion of nsswitch.conf. The actual hosts file is
> > below that. I have also included the simple config that I am using for
> > iptables. I have seen the -n option but it is not relevant for appending,
> > inserting or replacing. It only applies to listing (output)
>
> Er, unless I'm missing something, you're using hostnames in your IPTables
> rules, and then complaining that IPTables is resolving those hostnames?

Good catch, Nick. I thought Brian wanted to "-L" the iptables command to
check out the rules. In order to set the rules, follow the guideline below.

Ramin

>
> Excuse me if this sounds obvious, but why not use IP addresses in the rule
> specifications. If you're worried about having to alter all the relevant
> rules if an IP address changes then just assign it to a variable...
>
> #!/bin/sh -x
>
> WEBSERVER="10.10.10.13"
>
> iptables -A INPUT -p tcp -d $WEBSERVER --dport 80 -j ACCEPT
> iptables -A INPUT -p tcp -d $WEBSERVER -j REJECT --reject-with tcp-reset
>
> etc.
>
> <snip>
>
> --
> FunkyJesus System Administration Team
>
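
The check below is an added example, not part of the original thread: it scans a rule script for -s/-d operands that are not numeric IPv4 addresses, following simple NAME=value assignments such as the WEBSERVER variable suggested above. The function names, MAILHOST and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Flags -s/-d operands in an iptables
# rule script that are not numeric IPv4, so iptables would resolve them.

# Constructed sample input (names and addresses are made up).
sample_rules() {
    cat <<'EOF'
#!/bin/sh
WEBSERVER="10.10.10.13"
MAILHOST="mail.example.com"
iptables -A INPUT -p tcp -d $WEBSERVER --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -d "$MAILHOST" --dport 25 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24,gw.example.com -j ACCEPT
iptables -A INPUT -p tcp -d $WEBSERVER -j REJECT --reject-with tcp-reset
EOF
}

# Reads a rule script on stdin; prints "LINE: OPERAND" for each offender.
find_hostname_operands() {
    awk '
    # Record simple NAME=value assignments so $NAME can be expanded.
    /^[A-Za-z_][A-Za-z0-9_]*=/ {
        eq = index($0, "=")
        val = substr($0, eq + 1)
        gsub(/["\047]/, "", val)
        vars[substr($0, 1, eq - 1)] = val
        next
    }
    /^[ \t]*#/ { next }                  # skip comments and the shebang
    /iptables/ {
        for (i = 1; i < NF; i++) {
            if ($i !~ /^(-s|-d|--src|--dst|--source|--destination)$/) continue
            j = i + 1
            if ($j == "!") j++           # old-style negation: -s ! addr
            v = $j
            gsub(/["\047{}]/, "", v)     # strip quotes and ${...} braces
            if (substr(v, 1, 1) == "$") {
                name = substr(v, 2)
                v = (name in vars) ? vars[name] : ("unset:" name)
            }
            n = split(v, parts, ",")     # iptables accepts comma lists
            for (k = 1; k <= n; k++)
                if (parts[k] !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9.]+)?$/)
                    print NR ": " parts[k]
        }
    }'
}

sample_rules | find_hostname_operands
```

The match is syntactic only: it does not validate octet ranges, and it does not follow variables assigned from command output or other files.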
