
How to use FQDN in firewall rules for GNU/Linux?

I'm trying to set up a firewall for one of my GNU/Linux systems. AFAIK, iptables and its ilk cannot make use of FQDNs in their configuration, since they're expected to be operational before the network interface is set up and before access to DNS servers is available.

Asked by: Guest | Views: 297
Total answers/comments: 1
Guest [Entry]

As per Darren's suggestion, I wrote up a shell script that looks up the IP, then adjusts firewall rules as necessary (and, by necessary, I meant delete everything from earlier and replace with the right IP). Here's the script:

#!/bin/bash

target_hosts="dynhost.does-not-exist.com another-host.does-not-exist.com"

# Rotate the list of IPs that were allowed on the previous run
if [ -f "/root/dynblock-curr" ]; then
    mv /root/dynblock-curr /root/dynblock-prev
fi

touch /root/dynblock-curr

if [ -f "/root/dynblock-prev" ]; then
    # Remove previously set firewall allows
    for prev_ip in $(cat /root/dynblock-prev); do
        ufw delete allow from "$prev_ip" to any app OpenSSH > /dev/null
    done
fi

for target_host in $target_hosts; do
    # Look up the IPv4 address per host. Only the "has address" line carries an
    # A record, so CNAME or "has IPv6 address" lines are not mistaken for an IP.
    # echo "Looking up IP for host:" $target_host
    target_ip=$(host -t A "$target_host" | awk '/has address/ { print $4; exit }')
    # Test the result rather than $?: the exit status of a pipeline is that of its
    # last command, so a failed lookup would still have reported success.
    if [ -n "$target_ip" ]; then
        echo "$target_ip" >> /root/dynblock-curr
        ufw allow from "$target_ip" to any app OpenSSH > /dev/null
    fi
done

Obviously, I didn't intend to spend more than the required number of brain cells on this. This has been tested and guaranteed to Work For Me™. This is executed through cron every 15 minutes.

Another (just as obvious) note: I ended up using ufw to manage iptables rules for me (as I said, minimum brain cell count).
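The script above deletes every previous allow rule before re-adding the new ones, so each run opens a short window with no allow rule at all, and a host whose DNS lookup fails on one run simply loses its rule until the next run. The following script is an added example, not the answer's code: it keeps a small "host ip" state file, resolves every host with getent, falls back to the last recorded address when a lookup returns nothing, diffs the old and new address sets, and only issues ufw commands for addresses that actually changed. The state-file path, the DRY_RUN switch and the resolver function are this example's own conventions; the ufw application profile name OpenSSH is the one the answer uses.

```shell
#!/bin/sh
# Added example (not the original answer's script): refresh "ufw allow from <ip>
# to any app OpenSSH" rules for a list of FQDNs by diffing previously recorded
# addresses against freshly resolved ones. Only changed addresses are touched,
# and a host whose lookup fails keeps its last known address.

STATE_FILE="${STATE_FILE:-/var/lib/dynallow/state}"   # assumed path; "host ip" per line
UFW_APP="${UFW_APP:-OpenSSH}"                          # ufw application profile from the answer
DRY_RUN="${DRY_RUN:-1}"                                # 1 = print ufw commands instead of running them

# Resolve the IPv4 addresses of one host, one per line; prints nothing on failure.
# Kept as its own function so it can be swapped for a canned resolver in tests.
resolve_v4() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }' | sort -u
}

# Print the lines of $1 that do not appear in $2 (both newline-separated strings).
set_minus() {
    printf '%s\n' "$1" | awk -v other="$2" '
        BEGIN { n = split(other, arr, "\n"); for (i = 1; i <= n; i++) seen[arr[i]] = 1 }
        $0 != "" && !($0 in seen)'
}

# Build the new state. $1 = old state ("host ip" lines), remaining args = hosts.
# A host that fails to resolve keeps the addresses recorded for it in the old state.
build_state() {
    old_state="$1"; shift
    for h in "$@"; do
        ips=$(resolve_v4 "$h")
        if [ -z "$ips" ]; then
            ips=$(printf '%s\n' "$old_state" | awk -v h="$h" '$1 == h { print $2 }')
        fi
        printf '%s\n' "$ips" | awk -v h="$h" '$0 != "" { print h, $0 }'
    done
}

# Print the ufw actions needed to move from old state ($1) to new state ($2), one
# per line: "delete <ip>" for addresses no longer wanted, "allow <ip>" for new ones.
# Addresses are compared across all hosts, so an IP that two hosts share is not
# deleted while one of them still resolves to it.
plan_changes() {
    old_ips=$(printf '%s\n' "$1" | awk 'NF == 2 { print $2 }' | sort -u)
    new_ips=$(printf '%s\n' "$2" | awk 'NF == 2 { print $2 }' | sort -u)
    set_minus "$old_ips" "$new_ips" | sed 's/^/delete /'
    set_minus "$new_ips" "$old_ips" | sed 's/^/allow /'
}

# Apply a plan from plan_changes. Each line is "<action> <ip>"; in dry-run mode
# the ufw command line is printed instead of executed.
apply_plan() {
    printf '%s\n' "$1" | while read -r action ip; do
        [ -n "$ip" ] || continue
        case "$action" in
            delete) cmd="ufw delete allow from $ip to any app $UFW_APP" ;;
            allow)  cmd="ufw allow from $ip to any app $UFW_APP" ;;
            *)      continue ;;
        esac
        if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd > /dev/null; fi
    done
}

# One refresh cycle (resolve, diff, apply, persist), intended to run from cron.
# The state file is written only after the rules were adjusted, so a run that
# dies half-way is simply redone on the next cycle.
refresh() {
    old_state=""
    [ -f "$STATE_FILE" ] && old_state=$(cat "$STATE_FILE")
    new_state=$(build_state "$old_state" "$@")
    apply_plan "$(plan_changes "$old_state" "$new_state")"
    mkdir -p "$(dirname "$STATE_FILE")" && printf '%s\n' "$new_state" > "$STATE_FILE"
}

# Usage: DRY_RUN=0 ./dynallow.sh dynhost.does-not-exist.com another-host.does-not-exist.com
if [ "$#" -gt 0 ]; then
    refresh "$@"
fi
```

Run it with DRY_RUN=1 first to see which ufw commands a cycle would issue; with the state file in place, a run in which nothing changed produces no commands at all, which is what makes a 15-minute cron interval cheap.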