iptables question
Matthew Gillen
me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org
Fri Oct 23 19:40:01 EDT 2009
On 10/23/2009 04:13 PM, Dave Peters wrote:
> Is there any way to use iptables blocking domain name not IP address?
>
> Example to block hotmail.com.
>
> I tried this iptables -A FORWARD -d hotmail.com -j REJECT and it won't work.

No. iptables will just do a DNS lookup on that and convert it to an IP
address, then add a rule. The problem is that high-volume, load-balanced
domains won't have a single IP address. And it certainly wouldn't work to
try and block anything under the hotmail domain.

What is it that you're trying to do? There might be an easier way...

Matt
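
Added example, not part of the original message: a Python model of the behaviour described in the reply above, where the hostname is resolved once when the rule is added and only the resulting literal addresses are stored. The DNS answers are constructed (documentation address ranges, not real records), and `mail.hotmail.com` is a hypothetical name under the domain used for illustration.

```python
import ipaddress

# Constructed DNS answers (documentation ranges, not real records).
# Each dict is what a resolver might return at that moment.
DNS_AT_RULE_INSERT = {
    "hotmail.com": ["192.0.2.10", "192.0.2.11"],
}
DNS_LATER = {
    "hotmail.com": ["192.0.2.11", "198.51.100.7"],  # load-balanced pool rotated
    "mail.hotmail.com": ["203.0.113.25"],           # hypothetical name under the domain
}


def expand_rule(hostname, dns):
    """Model `iptables -A FORWARD -d <hostname> -j REJECT`: the name is
    resolved once and one literal-address rule is stored per answer."""
    return [f"-A FORWARD -d {ip}/32 -j REJECT" for ip in dns[hostname]]


def blocked_addresses(rules):
    """Extract the destination addresses actually held in the rule set."""
    return {ipaddress.ip_network(r.split()[3]).network_address for r in rules}


def escapes(rules, dns_now):
    """Return {name: [addresses]} that current DNS answers hand out but
    that no stored rule matches, so the traffic is still forwarded."""
    blocked = blocked_addresses(rules)
    result = {}
    for name, answers in dns_now.items():
        missed = [ip for ip in answers
                  if ipaddress.ip_address(ip) not in blocked]
        if missed:
            result[name] = missed
    return result


if __name__ == "__main__":
    rules = expand_rule("hotmail.com", DNS_AT_RULE_INSERT)
    print("\n".join(rules))
    for name, ips in escapes(rules, DNS_LATER).items():
        print(f"not covered: {name} -> {', '.join(ips)}")
```

The stored rules never contain the hostname, so nothing re-resolves it later; checking `iptables -S FORWARD` after adding such a rule shows only the addresses.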