Re: Iptables vhost

To: debian-firewall@lists.debian.org
Subject: Re: Iptables vhost
From: debian@farnz.org.uk
Date: Tue, 16 Sep 2003 11:21:08 +0100
Message-id: <[🔎] 20030916102108.GA13691@farnz.org.uk>
In-reply-to: <[🔎] 200309161210.25813.debian@masterpe.nl>
References: <[🔎] 200309161210.25813.debian@masterpe.nl>

On Tue, Sep 16, 2003 at 12:10:25PM +0200, Master_PE wrote:
> Hi,
> 
> Is it posebole with iptables to filter on a DNS name not a ip address?

In general, no. IPTables only sees the IP address of the packet; the DNS 
name is never passed on. HTTP 1.1 defines a mechanism for a HTTP client 
(such as a webbrowser) to tell a HTTP server which DNS name it 
requested, which allows things like Apache virtual hosting to work using 
only 1 IP address, but most protocols don't have anything similar.

If you need to do filtering in iptables, you'll have to get multiple IP 
addresses.

-- 
HTH,
Farnz

Reply to:

References:
- Iptables vhost
  - From: Master_PE <debian@masterpe.nl>

Prev by Date: Iptables vhost
Next by Date: Re: Iptables vhost
Previous by thread: Iptables vhost
Next by thread: Re: Iptables vhost
Index(es):
- Date
- Thread