Hi!
I've got a problem with ipchains. I have T-DSL, so I'm assigned a different ip-address each time I connect to my provider. However, to block
Hallo Jan, Jan Bloemen wrote: ports via
ipchains I need to enter my dynamic IP as source/destination, so for dynamic IPs I got to have a dynamic script, doesnt I ?!?
The PPP daemon calls a script, "/etc/ppp/ip-up" or so, after successful initiation of the connection. That script in turn calls "ip-up.local" in the same directory, with the the IP of both your host and the peer. You can place a call to your firewall script in that file. Greetings, Hans
I thought about picking my ip from ifconfig by a command similar to that:
ifconfig | grep P-t-P | awk '{print $2}'
(I haven't really worked it out yet!) and then using this for a shell-script, that prints ipchains-commands directly into the shell.
Greets, Jan!
-- hans.koerber@web.de http://hans.hn.org
Hi folks, maybe it's a silly question, or maybe I got something wrong there: Is there an advantage of setting an IP number in my firewall scripts rather than the interface? I chose to set up all rules for internet inbound and outbound traffic with the interface "ppp0" only. Is there a chance that my setup is more vulnerable than a setup with the always changing dynamic IP? I was always worried that my setup is too simple, because I run the firewall script once at boot time to set the firewall rules and don't do anything during runtime or even internet dial up. Thanks for clarification, Ralf
Hallo Jan,
Jan Bloemen wrote:
Hi!
I've got a problem with ipchains. I have T-DSL, so I'm assigned a different ip-address each time I connect to my provider. However, to block ports via ipchains I need to enter my dynamic IP as source/destination, so for dynamic IPs I got to have a dynamic script, doesnt I ?!?
The PPP daemon calls a script, "/etc/ppp/ip-up" or so, after successful initiation of the connection. That script in turn calls "ip-up.local" in the same directory, with the the IP of both your host and the peer. You can place a call to your firewall script in that file.
Greetings, Hans
I thought about picking my ip from ifconfig by a command similar to that:
ifconfig | grep P-t-P | awk '{print $2}'
(I haven't really worked it out yet!) and then using this for a shell-script, that prints ipchains-commands directly into the shell.
Greets, Jan!
-- hans.koerber@web.de http://hans.hn.org
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
* * Ralf 'coko' Koch * mailto:info@formel4.de * --- Hiroshima 45, Tchernobyl 86, Windows 2000
participants (2)
-
Hans Körber
-
Ralf Koch