IPCHAINS and dynamic IP addresses
At the moment I just have a masquerading firewall but I'm hoping to add a shell script containing ipchains rules onto it soon. At the moment the script defines variables at the beginning and uses them later. ie. #!/bin/sh EXTERNAL_INTERFACE="eth0" IP_ADDR="192.168.1.20" ipchains -A input $EXTERNAL_INTERFACE -s $IP_ADDR etc.etc. Although there is a problem. I've got a dynamically assigned IP address, so in theory I'd have to re-configure the script every time PPP was started. Is there and environment variable in BASH to do the job $IP_ADDR or something like that, but then how does it know which? eth0 or ppp0? I feel I'm going to have to write a more cunning piece of script for this one. Any ideas? Kind Regards Charles P.W. Price ------------------------------ charlie@iago.org.uk www.iago.org.uk
There is a way it is done using grep and cut take a look at the script on http://firewall.langistix.com just downloadit and read the firewall.sh script after unpacking it I really liked the way they do it all you do is tell the script the interface and then it determines the ip adress and it even checks for rfc1918 quite interesting! I borrowed their idea for mine. On Thu, 27 Jul 2000, Charles Price wrote:
Date: Thu, 27 Jul 2000 18:30:00 +0100 From: Charles Price <suselist@iago.org.uk> To: suse security-listserv <suse-security@suse.com> Subject: [suse-security] IPCHAINS and dynamic IP addresses
At the moment I just have a masquerading firewall but I'm hoping to add a shell script containing ipchains rules onto it soon. At the moment the script defines variables at the beginning and uses them later. ie.
#!/bin/sh
EXTERNAL_INTERFACE="eth0" IP_ADDR="192.168.1.20"
ipchains -A input $EXTERNAL_INTERFACE -s $IP_ADDR etc.etc.
Although there is a problem.
I've got a dynamically assigned IP address, so in theory I'd have to re-configure the script every time PPP was started. Is there and environment variable in BASH to do the job $IP_ADDR or something like that, but then how does it know which? eth0 or ppp0? I feel I'm going to have to write a more cunning piece of script for this one. Any ideas?
Kind Regards
Charles P.W. Price ------------------------------ charlie@iago.org.uk www.iago.org.uk
Noah ksemat@eahd.or.ug
-----BEGIN PGP SIGNED MESSAGE----- Why don't you try the ip-up script as you talk about ppp. I know that SuSE has an ip-up script with firewall rules set up (with ipfwadm as I remember). - --- Bogdan Zapca System Administrator SC EcoSoft SA Internet Service Provider 1-7 Deva st, Cluj-Napoca, Romania Tel: +40 64 199696 PGP: http://www.itotal.ro/lupe@admin2.ecosoft.ro.pgp http://www.ecosoft.ro On Thu, 27 Jul 2000, Charles Price wrote:
At the moment I just have a masquerading firewall but I'm hoping to add a shell script containing ipchains rules onto it soon. At the moment the script defines variables at the beginning and uses them later. ie.
#!/bin/sh
EXTERNAL_INTERFACE="eth0" IP_ADDR="192.168.1.20"
ipchains -A input $EXTERNAL_INTERFACE -s $IP_ADDR etc.etc.
Although there is a problem.
I've got a dynamically assigned IP address, so in theory I'd have to re-configure the script every time PPP was started. Is there and environment variable in BASH to do the job $IP_ADDR or something like that, but then how does it know which? eth0 or ppp0? I feel I'm going to have to write a more cunning piece of script for this one. Any ideas?
Kind Regards
Charles P.W. Price ------------------------------ charlie@iago.org.uk www.iago.org.uk
-----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBOYFTMtPv6ylvTc6pAQEjOgP+I5uechpDb2imW+n0Gs9q+NYk5O0Ucii+ HlWp4oRXx5ap2b0cNY3FOH83dxugFsdiXaVfPNQ8oN0my0ekfZQKn3W40m+tQ731 STFrauFD0G7tkIz5nm8V00jeIj6zYIq3KLB6rd6bNxLB9O3Leonm1VFunibficxE sNE20LEZoXU= =jcK3 -----END PGP SIGNATURE-----
participants (3)
-
Bogdan Zapca -
Charles Price -
ksemat@wawa.eahd.or.ug