The web is a wonderful resource often overlooked:-
Excerpt:- Specifying Source and Destination IP Addresses. Source (`-s', `--source' or `--src') and destination (`-d', `--destination' or `--dst') IP addresses can be specified in four ways. The most common way is to use the full name, such as `localhost' or `'. The second way is to specify the IP address such as `127.0.0.1'.
Have you tried a rule specifying the hostname, rather than the IP? That worked with IPCHAINS though it wasn't very efficient.
Yeah, it's a CNAME which translates to a lot of different IPs.
A better solution is to run your own DNS server, and make it return a NXDOMAIN answer or have it return a specific IP like 126.96.36.199 and then reject that on the firewall. Of course, if they are smart, they can tell their own resolver to try other name servers, so you'd want to block (or redirect) DNS queries as well.
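The two approaches discussed so far (a hostname in `-d`, which iptables expands into one rule per resolved address at insert time, and the DNS sinkhole with its matching firewall reject) side by side as an added example; this is not code from the thread or from the iptables HOWTO. It runs in dry-run mode, printing the `iptables` commands instead of executing them, and every address in it is constructed: 203.0.113.x stands in for the resolver output, 192.0.2.1 is the sinkhole address, 192.168.1.1 is the local resolver, and the gateway scenario (FORWARD chain, nat PREROUTING) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: IPT echoes the commands; set IPT=iptables to apply.
IPT="echo iptables"
SINKHOLE_IP=192.0.2.1    # constructed (RFC 5737 documentation range)
LOCAL_DNS=192.168.1.1    # constructed: the resolver you control

# --- Approach 1: block by resolved addresses ------------------------------
# `iptables -d some.host` resolves the name when the rule is inserted and adds
# one rule per address; the list is frozen at that moment, which is why a
# round-robin CNAME keeps slipping past. The addresses below are constructed
# to stand in for what the resolver returned at insert time.
resolved_addrs() {
    printf '%s\n' 203.0.113.10 203.0.113.11 203.0.113.12
}

block_by_resolved_addrs() {
    # Emits one REJECT rule per address, mirroring the expansion iptables does itself.
    for ip in $(resolved_addrs); do
        $IPT -A FORWARD -d "$ip" -j REJECT
    done
}

# --- Approach 2: DNS sinkhole + firewall -----------------------------------
# dnsmasq config line that answers every name under the domain with the
# sinkhole address (the `address=/domain/ip` syntax is dnsmasq's own).
dnsmasq_sinkhole_line() {
    printf 'address=/%s/%s\n' "$1" "$SINKHOLE_IP"
}

sinkhole_rules() {
    # 1. Anything a client sends to the sinkhole address is rejected.
    $IPT -A FORWARD -d "$SINKHOLE_IP" -j REJECT
    # 2. DNS is only allowed to the resolver we control ...
    $IPT -A FORWARD -p udp --dport 53 -d "$LOCAL_DNS" -j ACCEPT
    $IPT -A FORWARD -p tcp --dport 53 -d "$LOCAL_DNS" -j ACCEPT
    # ... and queries aimed at any other resolver are redirected to it
    # (the "or redirect" option in the post), so changing the client's
    # resolver setting does not bypass the sinkhole.
    $IPT -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination "$LOCAL_DNS"
    $IPT -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination "$LOCAL_DNS"
}

# Stand-alone run: show both rule sets.
block_by_resolved_addrs
dnsmasq_sinkhole_line example.com
sinkhole_rules
```

The DNAT redirect only catches plain DNS on port 53; clients that reach a resolver some other way (a VPN, DNS over HTTPS) are outside what either approach covers, so pair it with the proxy suggestion in the next reply where that matters.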
Have you also looked at using a proxy server, and blocking unwanted sites there?
I notice you also posted this separately to comp.os.linux.security, though it's not really on topic there, and comp.os.linux.networking. Please don't multipost. If you feel that it's really appropriate to more than one news group, use 'Cross-posting' (where you list ALL of the newsgroups, comma-separated, in one article's newsgroup header). Also be sure to include a 'Followups-to:' header pointing to ONE group where you can see all the replies.