Is it possible to somehow use a domain instead of an ip address to filter traffic? Because my home ips are dynamic, they change from time to time which means i have to filter my SSH port like this ACCEPT net:211.155.0.0-211.155.255.255 fw tcp ssh Using a service like no-ip.com gives me a fixed address that updates everytime my ip address does, so is it possible to get shorewall to do this instead ACCEPT net:test.no-ip.com fw tcp ssh this would solve a lot of problems and close off complete ranges that can potentially access my SSH.