-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday, 26 June 2002 09:43, Steffen Dettmer wrote:
> > Solution: Get yourself a static name for your dynamic IP.
> This is not a solution.

It works for me.

> > Is that available from all providers?
> > Martin
> > www.dyndns.org
> This is about forward lookups only (Name --> IP), not for reverse lookups.

This is right.

OK, I will explain how this works here: I have written an iptables script. The first rule of my EXT_CHAIN is a dummy entry that disallows SSH traffic:

    iptables -A EXT_CHAIN -i eth0 -p tcp -s 0.0.0.0/0 --dport 22 -j REJECT

I also wrote a program which looks up my 5 DNS names (www.dyndsl.com ...). It resolves those 5 names to the IP and checks whether at least 3 match. It then deletes the first rule of EXT_CHAIN:

    iptables -D EXT_CHAIN 1

After this it inserts, as the first rule, my IP opened for SSH:

    iptables -I INPUT -i eth0 -p tcp -s 1.2.3.4/32 -d 4.3.2.1/32 --dport 22 -j ACCEPT

If it can't find my IP it REJECTs all traffic on port 22. I run this program every 30 minutes. So this only works acceptably if you have a flat rate, which I have. If you don't have a flat rate, you have to run the script more often. Still you have to wait a couple of minutes to get onto the server.

I hope everybody understood my explanation. With this one doesn't have to worry too much about those OpenSSH exploits. There really are getting to be quite a lot of them lately.

With kind regards,
Michael.

- --
Key fingerprint = 3D66 5A8F 53C0 3AD3 3470 74A6 64AC 55D1 8AFB B436
SysQuadrat Michael Weinert Stuttgart Filderstadt-Plattenhardt
Tel.: 0711-9970288 Fax: 5360559 Mobile: 0170-4141273
http://www.linux-firewall.de weinert@sys2.de
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9GXVhZKxV0Yr7tDYRAg9HAJ9ZpceHV9SOPPEDIDakok5rUd97/gCfaN/Y
wgjCRq48rAIFsXaSBuTrcag=
=TJEM
-----END PGP SIGNATURE-----
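The procedure Michael describes (resolve several dynamic-DNS names, trust the address only when at least 3 of them agree, then swap the SSH gate rule at the top of EXT_CHAIN) as an added example in Python. This is not the poster's program and not part of the original mail. It builds the iptables commands as argument lists so the quorum logic can be run and checked offline; the hostnames other than www.dyndsl.com and the SAMPLE_ANSWERS table are constructed placeholders, and the example assumes that EXT_CHAIN is reached from INPUT, that rule 1 of EXT_CHAIN is already the dummy REJECT from the mail, and that the chain ends with a catch-all drop. It differs from the mail's order in one point: it inserts the new gate before deleting the old one, so port 22 is never left without a rule between the two commands.

```python
"""Dynamic-DNS gated SSH allow rule with a k-of-n resolver quorum.

Added example, not the poster's program.  Assumptions: EXT_CHAIN is jumped
to from INPUT and ends with a catch-all drop, rule 1 of EXT_CHAIN is always
the SSH gate (initially the mail's dummy REJECT), and the hostnames after
www.dyndsl.com and SAMPLE_ANSWERS are constructed placeholders.
"""
import socket
import subprocess
import sys
from collections import Counter
from typing import Callable, Dict, List, Optional

CHAIN = "EXT_CHAIN"   # chain name from the mail
IFACE = "eth0"        # external interface from the mail
SSH_PORT = "22"
QUORUM = 3            # at least 3 of the 5 names must agree

# Placeholder names standing in for the poster's five dyndns hostnames (assumption).
HOSTS = ["www.dyndsl.com", "n2.example.invalid", "n3.example.invalid",
         "n4.example.invalid", "n5.example.invalid"]

# Constructed sample answers for the offline demo: one name stale, one missing.
SAMPLE_ANSWERS = {"www.dyndsl.com": "1.2.3.4", "n2.example.invalid": "1.2.3.4",
                  "n3.example.invalid": "1.2.3.4", "n4.example.invalid": "10.9.8.7"}

Resolver = Callable[[str], str]


def table_resolver(table: Dict[str, str]) -> Resolver:
    """Build an offline resolver from a dict; unknown names fail like NXDOMAIN."""
    def resolve(name: str) -> str:
        if name not in table:
            raise socket.gaierror(f"{name}: constructed NXDOMAIN")
        return table[name]
    return resolve


def resolve_all(hosts: List[str], resolver: Resolver = socket.gethostbyname) -> List[str]:
    """Resolve every name; names that fail are simply left out of the vote."""
    answers = []
    for name in hosts:
        try:
            answers.append(resolver(name))
        except OSError:        # gaierror / timeout: a missing vote, not a fatal error
            pass
    return answers


def quorum_address(answers: List[str], quorum: int = QUORUM) -> Optional[str]:
    """Address that at least `quorum` names agree on, else None (fail closed)."""
    if not answers:
        return None
    addr, votes = Counter(answers).most_common(1)[0]
    return addr if votes >= quorum else None


def gate_rule(addr: Optional[str]) -> List[str]:
    """Rule 1 of the chain: ACCEPT only the agreed address, or REJECT everyone."""
    base = ["iptables", "-I", CHAIN, "1", "-i", IFACE, "-p", "tcp", "--dport", SSH_PORT]
    if addr is None:
        return base + ["-j", "REJECT"]
    return base + ["-s", f"{addr}/32", "-j", "ACCEPT"]


def plan(addr: Optional[str]) -> List[List[str]]:
    """Insert the new gate first, then delete the old gate (now rule 2).

    Insert-then-delete, rather than the mail's delete-then-insert, means port 22
    always has a gate rule even if the second command fails or we are killed
    between the two commands.
    """
    return [gate_rule(addr), ["iptables", "-D", CHAIN, "2"]]


def update(hosts=HOSTS, resolver=socket.gethostbyname, run=subprocess.run):
    """One scheduled pass (the mail runs it every 30 minutes); returns (addr, cmds)."""
    addr = quorum_address(resolve_all(hosts, resolver))
    cmds = plan(addr)
    for cmd in cmds:
        run(cmd, check=True)
    return addr, cmds


def demo():
    """Offline run against SAMPLE_ANSWERS; builds the commands without executing them."""
    return update(resolver=table_resolver(SAMPLE_ANSWERS), run=lambda cmd, check: None)


if __name__ == "__main__":
    # With --live the real resolver is used and iptables is actually invoked (needs root).
    addr, cmds = update() if "--live" in sys.argv else demo()
    print("quorum address:", addr)
    for cmd in cmds:
        print(" ".join(cmd))
```

Run without arguments to see the commands the quorum would produce for the constructed answers (three names agree on 1.2.3.4, one is stale, one does not resolve, so the ACCEPT rule is emitted); with `--live` it resolves the real names and calls iptables, which is what a cron entry every 30 minutes would do. A stale cache on one resolver or a single hijacked name cannot open the port on its own, because fewer than QUORUM names agreeing yields the REJECT gate.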