Le mardi 20 mars 2007 à 11:02 +1100, Dominic Caputo a écrit :
> I currently have an ISP that has multiple address ranges that I wish to
> accept in my iptables ruleset. Is it possible for me to use the DNS Suffix
> instead of the actual ip as they are currently dynamically assigned. e.g.
> iptables -s nsw.bigpond.net.au (current assigned address is
> cpe-203-45-103-100.nsw.bigpond.net.au).
No it's not possible. Netfilter only works on IPs, which means if you do
that, iptables will resolve the DNS name _now_ and use the result to
push the rule that won't be updated afterwards if IP changes.
However, if you have an idea of how often the IP changes, you can write
a script that queries the name regularly and update your ruleset
accordingly when it changes.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
|