
On Mon, 2 Jun 2014, "Wenjian Bill Yang" <byang_32@yahoo.com> wrote:
I just used Yahoo.com as an example. In fact, you cannot use any domain names in iptables rules. I have come across a website that stated that "the iptables service starts before any DNS-related services when a Linux system is booted. This means that firewall rules can only reference numeric IP addresses (for example, 192.168.0.1). Domain names (for example, host.example.com) in such rules produce errors." However, many tutorials on websites nowadays have examples of using domain names in iptables rules.

It looks like you are using the RHEL/CentOS init scripts. You can change the order of them; look at the start of the init.d script for comments which determine the order. Or you could just reload from /etc/rc.local.

On Mon, 2 Jun 2014, Tony Crisp <supervoc@arc.net.au> wrote:
Then there was the issue of the remote end dropping off and coming back with a new dynamically allocated IP and not being able to re-establish the tunnel. So I had some script keep checking for any disconnects, and if the IP changed, reloaded the relevant iptables rules again (based on the latest dyndns lookup).

OpenVPN supports running scripts on various events. You could make it launch a script when it gets a connection.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
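
An added example, not part of the thread or written by any of its participants: a sketch of the reload-on-IP-change approach discussed above, which resolves the peer's dynamic DNS name itself and hands iptables only a validated numeric address. The hostname, the chain name `VPN-PEER` (assumed to already exist and be jumped to from INPUT), the state file path and UDP port 1194 are all assumptions.

```shell
#!/bin/sh
# Added example: keep one iptables rule in step with a dynamic-DNS peer.
PEER_HOST="${PEER_HOST:-peer.example.com}"  # placeholder hostname (assumption)
CHAIN="${CHAIN:-VPN-PEER}"                  # dedicated chain (assumption)
STATE="${STATE:-/var/run/vpn-peer.ip}"      # last address applied (assumption)
IPT="${IPT:-iptables}"                      # overridable for dry runs

# Print the first IPv4 address for a name, or nothing if resolution fails.
resolve_peer() {
    getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
}

# Accept only a dotted quad, so resolver output never reaches iptables unchecked.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Returns 0 if the rule was updated, 1 if the address is unchanged,
# 2 if resolution failed (existing rule left in place), 3 if iptables failed.
sync_peer_rule() {
    new=$(resolve_peer "$PEER_HOST")
    valid_ipv4 "$new" || return 2
    old=$(cat "$STATE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    # Only the dedicated chain is flushed; the rest of the ruleset is untouched.
    "$IPT" -F "$CHAIN" || return 3
    "$IPT" -A "$CHAIN" -s "$new" -p udp --dport 1194 -j ACCEPT || return 3
    printf '%s\n' "$new" > "$STATE"
}

# Run as "script sync" from cron or from an OpenVPN event script.
if [ "${1:-}" = sync ]; then
    sync_peer_rule
fi
```

Because the boot-time ruleset contains only the jump to the dedicated chain and no hostnames, it loads without DNS; the peer's address is filled in later once name resolution is available.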