From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124

Description of problem:
    In /etc/sysconfig/iptables I can specify hostnames as target (from
/etc/hosts), but when used with DNAT this fails with 'Bad IP address'
error message.

Version-Release number of selected component (if applicable):
iptables-1.2.9-1.0

How reproducible:
Always

Steps to Reproduce:
1. edit /etc/hosts and add
<some.ip.address.here> workstation1

2. edit /etc/sysconfig/iptables and add:
--- cut ---
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# this one works
[0:0] -A PREROUTING -d workstation1 -j DROP
# this one fails
[0:0] -A PREROUTING -p tcp -m tcp --dport 5930 -j DNAT
--to-destination workstation1:5930
COMMIT
--- cut ---

3. type 'iptables start'


Actual Results:  Applying iptables firewall rules: iptables-restore
v1.2.9: Bad IP address `workstation1'


Expected Results:  iptables-restore using /etc/hosts to resolve
hostnames with DNAT, just it uses it with simple -p tcp -d hostname
for example.


Additional info:

See Steps to Reproduce. The idea is to have same iptables firewall on
diferent firewall machines that do the same job and only diferent
/etc/hosts file. This scenario works for simple firewall rules where
host from hosts file is specified as source/destination (-s/-d) but
not with SNAT/DNAT. The workaround is to replace all hostnames in this
file for every firewall machine, but this makes multiple machines
management harder.