-A INPUT -s dynamichost.com -p tcp -m tcp --dport 22 -j ACCEPT

The rule above points to an IP address from which I want to SSH into my server; it is dynamic and can change.

It seems iptables won't update the actual address even if it has changed until it is restarted. I don't want a cron job that keeps restarting iptables for security reasons.

Does anyone have any simple ideas to force iptables to update the hostname in a rule?

I ran across an interesting-looking rule here, but it doesn't work with my iptables:


iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --rttl \
--name SSH -j LOG --log-prefix "SSH_brute_force "

I'm not an expert, but the "--update" switch looked helpful, even though it doesn't seem to be a valid iptables rule.

Any help will be appreciated.
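
Added example, not part of the original post: iptables resolves the hostname given to `-s` once, when the rule is loaded, so a script run periodically can re-resolve the name and replace only that one rule instead of restarting the firewall. The chain name `SSH_DYN` and the use of `getent` for resolution are assumptions; `dynamichost.com` is the host from the rule above.

```shell
#!/bin/sh
# One-time setup (run as root), using an assumed dedicated chain SSH_DYN:
#   iptables -N SSH_DYN
#   iptables -A INPUT -p tcp -m tcp --dport 22 -j SSH_DYN
CHAIN="SSH_DYN"          # hypothetical chain holding the single dynamic rule
HOST="dynamichost.com"   # hostname taken from the rule in the post

# Succeed only for one dotted-quad IPv4 address, so that DNS output is
# validated before it is ever used as an iptables argument.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { bad = 1 }
        { for (i = 1; i <= NF; i++)
              if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i > 255) bad = 1 }
        END { exit (bad || NR != 1) }'
}

# Read `iptables -S CHAIN` output on stdin; print the -s address of its first rule.
current_ip() {
    awk -v chain="$CHAIN" '$1 == "-A" && $2 == chain {
        for (i = 3; i < NF; i++)
            if ($i == "-s") { sub(/\/32$/, "", $(i + 1)); print $(i + 1); exit }
    }'
}

# plan_update CURRENT NEW: print the iptables arguments that bring the chain
# up to date; print nothing if unchanged, fail if NEW is not an address.
plan_update() {
    is_ipv4 "$2" || { echo "refusing to use '$2' as an address" >&2; return 1; }
    [ "$1" = "$2" ] && return 0
    rule="-s $2/32 -p tcp -m tcp --dport 22 -j ACCEPT"
    if [ -n "$1" ]; then
        printf '%s\n' "-R $CHAIN 1 $rule"   # replace rule 1 in place
    else
        printf '%s\n' "-A $CHAIN $rule"     # chain is empty: add the rule
    fi
}

if [ "${1:-}" = "--apply" ]; then
    new=$(getent ahostsv4 "$HOST" | awk 'NR == 1 { print $1 }')
    cur=$(iptables -S "$CHAIN" | current_ip)
    plan=$(plan_update "$cur" "$new") || exit 1
    # Word splitting is intended: $plan contains only validated tokens.
    [ -z "$plan" ] || iptables $plan
fi
```

Run with `--apply` as root from a timer; a failed or malformed DNS answer leaves the existing rule untouched. The allow rule is only as trustworthy as the DNS answer for the hostname, so SSH authentication still has to stand on its own.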