Quote Originally Posted by Kloschüssel
You have two options:

1] reload the complete iptables (easier ==> /etc/init.d/iptables reload)
2] remove the old rules and add the new ones with the correct ip

1.1] downtimes (even small, but there are downtimes)
1.2] you lose all statistics stored in iptables (i.e. packet counts)
1.3] regular calculation overhead (cpu time) for nothing (but can be ignored)

2.1] complicated to achieve
2.2] even here calculation overhead (cpu time) for nothing

x.y] in both cases you have an estimated downtime window between one check and the other. i.e. if you check every 15 minutes if the ip changed, then it possibly changes right after a check at 15min + t (t => 0) and you only check again in 15 minutes. Thus during these 15 minutes your service is down.

This is why I would recommend a DNS solution. I for instance run a whiterussian router that provides dhcp leases to the network and thus publishes himself as dns server. Hence he is the authority to decide dns name resolution and as such he can surrogate all network clients that a hostname may be on different IPs. One point to configure, works all the time, no need to maintain until you change the domain name.
I agree 100% that if downtime means anything to you, then you should use DNS to resolve the situation. I had my own file/web server at home and if it was down for a bit, it wasn't a big deal. I guess you have to decide what your priority is.
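For anyone who still has to take the quoted post's option 2 (swap a single rule instead of reloading everything), here is an added example script, not from either poster: it resolves the hostname, compares it with the IP recorded on the last run, and only when it changed inserts the new rule before deleting the old one, so the rest of the ruleset and its packet counters survive. The chain, state file, hostname and the plain "-s IP -j ACCEPT" rule shape are assumptions to adjust; setting IPTABLES to "echo iptables" gives a dry run.

```shell
#!/bin/sh
# Added example (not from the thread): re-point one iptables rule at a
# dynamic host without reloading the whole ruleset.
# Assumptions: rule is "-s <ip> -j ACCEPT" in $CHAIN; paths are placeholders.

CHAIN="${CHAIN:-INPUT}"
STATE_FILE="${STATE_FILE:-/var/run/dyn-allow.ip}"
IPTABLES="${IPTABLES:-iptables}"   # "echo iptables" for a dry run

# resolve_host HOST -> prints the first IPv4 address, nothing if unresolved
resolve_host() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# rule_commands OLD NEW -> prints the commands needed; prints nothing if equal
rule_commands() {
    old="$1"; new="$2"
    [ "$old" = "$new" ] && return 0
    # insert the new rule first so the host is never locked out between steps
    printf '%s -I %s -s %s -j ACCEPT\n' "$IPTABLES" "$CHAIN" "$new"
    [ -n "$old" ] && printf '%s -D %s -s %s -j ACCEPT\n' "$IPTABLES" "$CHAIN" "$old"
    return 0
}

# update_rule HOST -> applies the delta and records the new IP; 0 on success.
# An unresolvable name keeps the old rule rather than leaving no rule at all.
update_rule() {
    host="$1"
    new=$(resolve_host "$host")
    [ -n "$new" ] || { echo "cannot resolve $host, keeping old rule" >&2; return 1; }
    old=$( [ -r "$STATE_FILE" ] && cat "$STATE_FILE" )
    rule_commands "$old" "$new" | while read -r cmd; do $cmd || exit 1; done || return 1
    printf '%s\n' "$new" > "$STATE_FILE"
}

# run from cron, e.g. every 5 minutes: ./dyn-allow.sh home.example.org
if [ -n "${1:-}" ]; then update_rule "$1"; fi
```

The check interval is still the downtime window the quoted post describes; this only removes the reload and the lost counters.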