Can iptables allow DNS queries only for a certain domain name?


http://stackoverflow.com – I have iptables blocking all UDP traffic at the moment; however, I want to allow only certain DNS queries to get through. Let's use google.com as an example. I am trying to use string matching to find the domain name in the request and allow it. This is what I came up with:

    iptables -A OUTPUT -o eth0 -p udp --sport 53 -m string --string "google.com" --algo bm -j ACCEPT

I have also tried --dport 53 instead of --sport. No dice. If anyone knows how this can be done or sees where I went wrong, your help is appreciated! Thanks, Jarred (HowTos)
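The reason a plain `--string "google.com"` never matches is that DNS does not put dots on the wire: each label is prefixed by its length byte, so the question name for google.com is the byte sequence 06 "google" 03 "com" 00. The following script is an added example, not the asker's code or anything from the Stack Overflow thread; it builds the `--hex-string` pattern from a domain name and prints the two iptables rules (outgoing queries go to destination port 53, replies come back from source port 53). The function names, the interface name eth0 and the sample domain are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): convert a domain name into the
# label-length-prefixed form that appears inside a DNS packet, expressed as an
# iptables --hex-string pattern, e.g. google.com -> |06|google|03|com|00|
# Works in POSIX sh (no arrays); dash and bash both accept it.

dns_hex_pattern() {
    domain=${1%.}          # drop a trailing dot ("google.com." is the same name)
    pattern="|"
    # Split the name on dots using the positional parameters.
    oldifs=$IFS
    IFS=.
    set -- $domain
    IFS=$oldifs
    for label in "$@"; do
        # One length byte (two hex digits inside pipes) followed by the literal label.
        pattern="${pattern}$(printf '%02x' "${#label}")|${label}|"
    done
    # The name ends with a zero-length root label.
    printf '%s00|\n' "$pattern"
}

# Print (do not apply) the ACCEPT rules for queries to, and replies from,
# the given domain. The reply's question section echoes the name uncompressed,
# so the same pattern matches both directions. --icase covers resolvers that
# randomise the case of the query name (0x20 encoding).
dns_allow_rules() {
    iface=$1
    domain=$2
    pat=$(dns_hex_pattern "$domain")
    printf 'iptables -A OUTPUT -o %s -p udp --dport 53 -m string --hex-string "%s" --algo bm --icase -j ACCEPT\n' "$iface" "$pat"
    printf 'iptables -A INPUT  -i %s -p udp --sport 53 -m string --hex-string "%s" --algo bm --icase -j ACCEPT\n' "$iface" "$pat"
}

# Assumed usage: review the output, then pipe it into sh as root to apply.
dns_allow_rules eth0 google.com
```

Two caveats a practitioner should keep in mind: the pattern is a substring match, so it also admits names such as www.google.com (whose wire form ends in the same bytes) and in principle any packet that happens to carry those bytes anywhere in its payload; and string matching inspects only a single datagram, so it does nothing for DNS over TCP or for fragmented responses. Where the goal is merely "let my own queries and their answers through", an `-m conntrack --ctstate ESTABLISHED` rule on INPUT is the usual complement to the OUTPUT rule.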