A while back, I implemented egress filtering at my gateway box to tighten things up a bit. I only allowed outbound traffic on specific ports (e.g., 80, 443, 110, 25, etc.). Now I want to take it a step further and restrict traffic on ports 25 and 119 to my ISP's mail and news servers only. The problem is that when I try to define the servers in my script, the names won't resolve and the script chokes. Of course, I could just put the IP addresses and be done with it, but my ISP switches around its servers from time to time, and I don't want to be futzing around with my iptables script every time they change a server. I want it to do a DNS lookup and resolve the name.

This is how I'm doing it so far (relevant portions of the script only):
Code:
# Define servers
MAILSERVER="my.mail.server"
NEWSSERVER="my.news.server"

# Permit Outbound SMTP
$IPT -A tcp_outbound -p TCP -s $LOCAL_IFACE\
 -d $MAILSERVER --destination-port 25 -j ACCEPT
# Permit Outbound NNTP
$IPT -A tcp_outbound -p TCP -s $LOCAL_IFACE\
 -d $NEWSSERVER --destination-port 119 -j ACCEPT
When I start the script, I get:

iptables v1.2.7a: host/network 'my.mail.server' not found
Try 'iptables -h' or 'iptables --help for more information
iptables v1.2.7a: host/network 'my.news.server' not found
Try 'iptables -h' or 'iptables --help for more information

Any ideas on how I can get a DNS lookup for these servers in my script?
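One way to do this, as an added example that is not the poster's script: resolve each name to its IPv4 addresses with the system resolver (getent, which honours /etc/hosts and then DNS) before calling iptables, and emit one ACCEPT rule per address. The names my.mail.server and my.news.server are placeholders, LOCAL_IFACE is assumed to hold the local source address as it does in the original script, and the chain name tcp_outbound is taken from it. If a name fails to resolve, the function adds nothing and returns non-zero, so the port stays blocked instead of the whole script aborting half-way through building the ruleset.

```shell
#!/bin/sh
# Added example (not the poster's script): look up the ISP's mail/news hosts
# at load time and add one egress rule per resolved address.

IPT="${IPT:-/sbin/iptables}"
LOCAL_IFACE="${LOCAL_IFACE:-192.168.1.0/24}"   # assumed: local source, as in the original script

# resolve_ipv4 NAME
# Prints each IPv4 address of NAME on its own line; returns 1 if none is found.
# A bare dotted-quad (or CIDR) argument is passed through untouched, so the same
# call works whether the ISP publishes a host name or a plain address.
resolve_ipv4() {
    _name=$1
    case $_name in
        *[!0-9./]*) ;;                          # contains letters: needs a lookup
        *) printf '%s\n' "$_name"; return 0 ;;  # already numeric: no lookup
    esac
    # getent ahostsv4 prints "ADDR STREAM host", "ADDR DGRAM", "ADDR RAW" lines;
    # keep the STREAM line for each address and drop duplicates.
    _addrs=$(getent ahostsv4 "$_name" 2>/dev/null \
             | awk '$2 == "STREAM" { print $1 }' | sort -u)
    [ -n "$_addrs" ] || return 1
    printf '%s\n' "$_addrs"
}

# permit_outbound CHAIN PORT NAME
# Adds "-A CHAIN -p tcp -s $LOCAL_IFACE -d ADDR --dport PORT -j ACCEPT" for every
# address NAME resolves to. On lookup failure it adds nothing and returns 1, so
# the port remains closed (the safe failure mode for an egress filter).
permit_outbound() {
    _chain=$1; _port=$2; _host=$3
    _ips=$(resolve_ipv4 "$_host") || {
        echo "permit_outbound: cannot resolve '$_host'; no port $_port rule added" >&2
        return 1
    }
    for _ip in $_ips; do
        "$IPT" -A "$_chain" -p tcp -s "$LOCAL_IFACE" -d "$_ip" \
               --dport "$_port" -j ACCEPT || return 1
    done
}

# Typical use (placeholder names, as in the original post):
#   permit_outbound tcp_outbound 25  my.mail.server
#   permit_outbound tcp_outbound 119 my.news.server
```

Two things to keep in mind with this approach. The lookup happens once, when the script runs, so the rules pin whatever addresses the name had at that moment; to follow the ISP's server changes, rerun the script from a periodic job or a network-up hook rather than expecting the rules to track DNS by themselves. And because the script now depends on DNS, outbound port 53 must already be permitted earlier in the script, and the gateway needs a working resolver before this point; a name that resolves to several addresses simply gets one rule per address.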