iptables + resolve domain name

[plice]

Hi,

I'm using dynamic IP to access a PC. I have a dynamic domain etc.

I've got a simple script that checks the domain, if differs it will restart iptables, that's working fine.

What I'm stuck at is that iptables is dropping that domain:
$IPTABLES -F
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "DROP INVALID STATE " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m conntrack --ctstate INVALID -j DROP

$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

allow few IPs in other than home net. eg:
$IPTABLES -A INPUT -p tcp -i eth0 -s xxxx.xxx.xx.xx --match multiport --dports xxx --syn -m conntrack --ctstate NEW -j ACCEPT
$IPTABLES -A INPUT -p tcp -i eth0 -m string --string "domain.name" --algo bm -j ACCEPT <-- works ok

up to this point iptables are able to resolve domain.name and use it.

.
.
.
$IPTABLES -A INPUT -i eth0 -m iprange ! --src-range $HOME_NET -j LOG --log-prefix "IPs out of range "
$IPTABLES -A INPUT -i eth0 -m iprange ! --src-range $HOME_NET -j DROP <-- domain name is dropped.



If I change the domain name to IP, it works fine; the line above won't block it. I've tried:
$IPTABLES -A INPUT -i eth0 -m iprange ! --src-range $HOME_NET -j -m string ! --string "domain.name" --algo bm LOG --log-prefix "IPs out of range "
Whatever I do, the domain name is being dropped.

Is it possible to refer in iptables to a bash variable? I can drop the IP instead of resolving it.


Thanks!