path: root/
diff options
authorJan Engelhardt <>2009-11-18 00:00:37 +0100
committerJan Engelhardt <>2009-11-18 00:01:23 +0100
commit1bd2f0a20596e47c082c2415369a209ed1b329f6 (patch)
treea4907f96f03620a9ae0675602deacfd645c03101 /
parent7573631fa9f6f15b28a13cc5d22f2a446f69fd64 (diff)
doc: name resolution clarification
Sometimes there are users who wonder about when name resolutions/DNS queries are done, so let's add that for completeness. Signed-off-by: Jan Engelhardt <>
Diffstat (limited to '')
1 files changed, 6 insertions, 4 deletions
diff --git a/ b/
index 66d8543c..56881331 100644
--- a/
+++ b/
@@ -240,10 +240,12 @@ option is omitted.
[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP]
Source specification.
-\fIAddress\fP can be either a hostname (please note that specifying
-any name to be resolved with a remote query such as DNS is a really bad idea),
-a network IPv6 address (with \fB/\fP\fImask\fP), or a plain IPv6 address.
-(the network name isn't supported now).
+\fIAddress\fP can be either be a hostname,
+a network IP address (with \fB/\fP\fImask\fP), or a plain IP address.
+Names will be resolved once only, before the rule is submitted to the kernel.
+Please note that specifying any name to be resolved with a remote query such as
+DNS is a really bad idea.
+(Resolving network names is not supported at this time.)
The \fImask\fP is a plain number,
specifying the number of 1's at the left side of the network mask.
A "!" argument before the address specification inverts the sense of