Hi,

In case u wanted to restrict access from a certain domain name.... ipchains doesnt accept domain names for -s or -d afaik. At least, I couldnt get a rule like

ipchains -A input -s *.nz -d 123.123.123.123 -j DENY

I really suggest you read up on networking. The Linux documents are a good start. Ipchains does accept domain names but its not a good idea to use them. The name you have tried to use is not a domain name. Its an attempt to glob a domain which will not work with any network application.I presume you were trying to map .nz to a subnet aaa.bbb.ccc.ddd/nn. First of all, domain space does not map to subnets. It is quite possible to have a domain with all its hosts scattered in different subnets. You need a DNS zone transfer to identify all the hosts in a domain and if you try that an aware administrator may finger you as a potential threat. You can map a host from its fully qualified domain name (FQDN) to one or more IP addresses. Using the FQDN in ipchains will return just one address. You may be getting confused with proxy configuration. This is quite different. Firewalls work on the IP address, proxies can work on the text sting sent by the calling application. This makes *.nz perfectly valid for configuring say a web proxy. HTH John