From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040124

Description of problem:
In /etc/sysconfig/iptables I can specify hostnames as target (from /etc/hosts), but when used with DNAT this fails with a 'Bad IP address' error message.

Version-Release number of selected component (if applicable):
iptables-1.2.9-1.0

How reproducible:
Always

Steps to Reproduce:
1. edit /etc/hosts and add
<some.ip.address.here> workstation1
2. edit /etc/sysconfig/iptables and add:
--- cut ---
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# this one works
[0:0] -A PREROUTING -d workstation1 -j DROP
# this one fails
[0:0] -A PREROUTING -p tcp -m tcp --dport 5930 -j DNAT --to-destination workstation1:5930
COMMIT
--- cut ---
3. type 'iptables start'

Actual Results:
Applying iptables firewall rules: iptables-restore v1.2.9: Bad IP address `workstation1'

Expected Results:
iptables-restore using /etc/hosts to resolve hostnames with DNAT, just as it uses it with a simple -p tcp -d hostname, for example.

Additional info:
See Steps to Reproduce. The idea is to have the same iptables firewall on different firewall machines that do the same job, with only a different /etc/hosts file. This scenario works for simple firewall rules where a host from the hosts file is specified as source/destination (-s/-d) but not with SNAT/DNAT. The workaround is to replace all hostnames in this file for every firewall machine, but this makes management of multiple machines harder.
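
The per-machine substitution described as the workaround can be scripted, so that one shared ruleset is rendered against each firewall's own hosts file before it is handed to iptables-restore. This is an added example, not part of the original report or of iptables: the function names, the sample address 192.0.2.10 and the IPv4-only handling are assumptions, and -s/-d arguments are left untouched because the report says they already resolve.

```python
import re

# Constructed sample: 192.0.2.10 (documentation range) stands in for the report's elided IP.
SAMPLE_HOSTS = "192.0.2.10  workstation1 ws1   # per-firewall entry\n"
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A PREROUTING -d workstation1 -j DROP
[0:0] -A PREROUTING -p tcp -m tcp --dport 5930 -j DNAT --to-destination workstation1:5930
COMMIT
"""

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")  # loose shape check, assumption: IPv4 only
NAT_ARG = re.compile(r"(--to-(?:destination|source)\s+)(\S+)")

def parse_hosts(text):
    """Map every name and alias in hosts(5) text to its IPv4 address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and IPV4.fullmatch(fields[0]):
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])  # first entry wins
    return table

def resolve_target(target, hosts):
    """Resolve the host in host[:port[-port]]; numeric forms pass through."""
    host, sep, port = target.partition(":")
    if host.lower() in hosts:
        return hosts[host.lower()] + sep + port
    if all(IPV4.fullmatch(part) for part in host.split("-")):
        return target  # already an address or an address range
    raise KeyError(host)

def render_rules(template, hosts_text):
    """Return the ruleset with NAT targets resolved; raise on any unknown name."""
    hosts, out = parse_hosts(hosts_text), []
    fix = lambda m: m.group(1) + resolve_target(m.group(2), hosts)
    for lineno, line in enumerate(template.splitlines(), 1):
        try:
            out.append(line if line.lstrip().startswith("#") else NAT_ARG.sub(fix, line))
        except KeyError as exc:
            raise ValueError(f"line {lineno}: no hosts entry for {exc.args[0]!r}") from None
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_rules(SAMPLE_RULES, SAMPLE_HOSTS), end="")
```

A name with no hosts entry raises before any output is returned, so a partially substituted ruleset is never loaded.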