Hi!

First I would like to describe my home network: I have one dedicated machine that works as a NAT firewall / DNS / DHCP server. That machine is the only one with direct contact to the Internet and it's "always" on (a reboot every second month, or so). That machine is also the only one with a fix IP (XXX.XXX.XXX.254). Every other machine (a couple of different Linux boxes and one Win2k machine) connects with DHCP. One Linux box is a Samba server.

Now for the problem. I want the Samba server to allow connections from other machines based on their hostnames in the DNS. I've written a very restrictive set of iptables rules that is started before I bring up eth0. Those rules only allow contact with the DHCP server. Then I've written some rules that allow SMB connect with specific machines. Like these:
These rules are added after eth0 is activated and then iptables seems to resolve the name for an ip. The problem is that if "crap" (in this case) isn't on when I start the Samba server, then it's never allowed to connect, since the lookup fails.

How is this solved? Is it possible to write iptables rules that resolves the hostname "on demand"?

Thanks in advance!
Martin

A suggestion...
Don't worry about the dynamic part...
In your dhcpd.conf, link the MAC address of each pc to just one ip number, then use that ip number and/or the MAC address in your rules..

eg http://www.linuxquestions.org/questi...hreadid=128325

Why bother to use hostnames when you could use IP addresses?
Since your using DHCP for your LAN hosts then you could as well use one single rule for the entire LAN network. Why?
Any computer connected to your LAN gets an address, all in the same range som why not use that range in the first place.
If you would like make it just a bit more secure then specify tha only connection incoming on your LAN interface are allowed.

iptables -A INPUT -d lanip --dport 137:139 -i laninterface ....

(you may have to change order of --dport and -i)