# How to ban a range of IPs using their DNS entry and iptables

## crimson

Hi, I would like to block/ban all IPs coming from *.dynamic.hinet.net.

They frequently try to relay spam on my mail server, and I don't use it for much other than local use anyway, so I would like to know how I can ban all IPs coming from that domain using iptables.

----------

## nbennett

There's really no easy way to do this.  I had a problem with Morocco and needed to deny them completely.  I couldn't really figure an easy way to do this in iptables so I just found the netblocks I needed through ARIN/RIPE.  So on my border router I just trash the packets before they even get into my network.

----------

## crimson

I was reading somewhere that it's possible, but also that when using DNS to block, each packet must be checked to see if it's not from that specific domain, so it does a lot of DNS queries, which could slow the network down a bit. I may just have to find the right IP range to block and go that route.

----------
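The netblock approach the thread settles on, as an added example that is not from any of the posters: it takes a list of CIDR blocks (such as those looked up through a registry), merges overlapping and adjacent ranges, and prints `ipset`/`iptables` commands so the kernel does one set lookup per packet and no DNS queries. The set name `spam_block` and the sample ranges (RFC 5737 documentation addresses) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: documentation ranges (RFC 5737) standing in for
# the netblocks you would look up at the regional registry.
SAMPLE_NETBLOCKS = """
# one CIDR or single address per line
203.0.113.0/25
203.0.113.128/25
198.51.100.0/24
198.51.100.77
192.0.2.10/24
not-a-netblock
"""

def parse_netblocks(text):
    """Return (networks, rejected_lines); host bits are masked off (strict=False)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)  # keep bad entries visible instead of guessing
    return nets, rejected

def build_ruleset(text, set_name="spam_block"):
    """Merge overlapping/adjacent IPv4 blocks and emit ipset + iptables commands."""
    nets, rejected = parse_netblocks(text)
    v4 = [n for n in nets if n.version == 4]  # hash:net family inet holds IPv4 only
    merged = list(ipaddress.collapse_addresses(v4))
    lines = [f"ipset create {set_name} hash:net family inet -exist"]
    lines += [f"ipset add {set_name} {n} -exist" for n in merged]
    # A single rule matches the whole set, however many blocks it contains.
    lines.append(f"iptables -I INPUT -m set --match-set {set_name} src -j DROP")
    return merged, rejected, lines

if __name__ == "__main__":
    merged, rejected, lines = build_ruleset(SAMPLE_NETBLOCKS)
    for bad in rejected:
        print(f"# skipped invalid entry: {bad}")
    print("\n".join(lines))
```

Review the printed commands before running them as root; entries that fail to parse are reported as skipped and never turned into rules.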

