So I'm trying to accept connections on port 80 only from those IPs whose reverse DNS has a CNAME alias like, for example, *.test.mydomain.com. If 1.1.1.1 resolves to boo.foo.com, and *.test.mydomain.com CNAME boo.foo.com, then accept the connection.

Any tips?
iptables deals with IP addresses and subnets, not with DNS records. You have to write a script which will perform a full zone transfer (something like dig -t AXFR test.mydomain.com), parse the obtained zone file to get all CNAMEs from it, resolve them to IP addresses and add rules to iptables. Then you should place this script in cron.
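The script the answer describes, written out as an added example (this is not code from the original answer): it pulls the zone with dig -t AXFR, keeps the CNAME targets, resolves each one to its IPv4 addresses and rebuilds a dedicated iptables chain that allows TCP/80 only from those addresses. The zone name test.mydomain.com comes from the question; the chain name WEB_ALLOW, the requirement that INPUT already jumps to it for port 80, and the assumption that the name server permits AXFR from this host are assumptions of the example, not of the page.

```shell
#!/bin/sh
# Added example, not from the original answer. Rebuilds an iptables chain that
# allows TCP/80 only from the addresses the CNAME targets of a zone resolve to.
# Assumptions (hypothetical, not from the page): the zone's name server permits
# AXFR from this host, and a chain named WEB_ALLOW exists and is already hooked
# in with: iptables -I INPUT -p tcp --dport 80 -j WEB_ALLOW
set -u

ZONE="${ZONE:-test.mydomain.com}"
CHAIN="${CHAIN:-WEB_ALLOW}"

# Read zone-file text in dig's AXFR output format (name ttl class type rdata)
# on stdin and print each distinct CNAME target without its trailing dot.
cname_targets() {
    awk 'toupper($4) == "CNAME" { sub(/\.$/, "", $5); print $5 }' | sort -u
}

# Keep only dotted-quad lines; "dig +short" may also print intermediate CNAMEs.
only_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Resolve one name to its IPv4 addresses.
resolve_ipv4() {
    dig +short A "$1" | only_ipv4
}

# RESOLVER names the lookup function so a fake can be substituted when testing.
RESOLVER="${RESOLVER:-resolve_ipv4}"

# Turn a list of names on stdin into the iptables commands that rebuild $CHAIN:
# flush, one ACCEPT per resolved address, then a final DROP for everyone else.
build_rules() {
    echo "iptables -F $CHAIN"
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        "$RESOLVER" "$name" | only_ipv4 | while IFS= read -r ip; do
            echo "iptables -A $CHAIN -s $ip -p tcp --dport 80 -j ACCEPT"
        done
    done
    echo "iptables -A $CHAIN -j DROP"
}

main() {
    targets=$(dig -t AXFR "$ZONE" | cname_targets)
    # A failed or empty transfer must not flush the chain and lock everyone out.
    if [ -z "$targets" ]; then
        echo "AXFR of $ZONE returned no CNAMEs; leaving $CHAIN unchanged" >&2
        return 1
    fi
    rules=$(printf '%s\n' "$targets" | build_rules)
    case "$1" in
        dry-run) printf '%s\n' "$rules" ;;
        apply)   printf '%s\n' "$rules" | sh -e ;;
    esac
}

case "${1:-}" in
    apply|dry-run) main "$1" ;;
    *) echo "usage: $0 apply|dry-run   (from cron: $0 apply)" >&2 ;;
esac
```

Run it with dry-run first to inspect the rules it would install, then schedule "apply" from cron. The empty-transfer guard matters in practice: if the AXFR is refused or times out, a naive script would flush the chain and leave only the DROP, cutting off every client until the next successful run.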