Hi

you should use the ip-up and ip-down scripts in the /etc/ppp directory. In addition you should have a look at the SuSE-support-database. If I remember correctly, there is a way described how you can read the current IP of your interface to the internet and enable the rules for this directly by using this IP.

But if you do not want to do it in this way, switch to iptables with kernel 2.4.x.

THX

Kind regards.

Stefan Walther
stefan_walther@gehag-dsk.de
Office: +4930/89786448
Mobile: +49172/3943961

eric.draven@aon.at
09.09.01 13:19
To: suse-security@suse.com
cc:
Subject: [suse-security] IPCHAINS with dynamic DNS

Hi all,

I recognized a strange (?) behavior of IPCHAINS toward dynamic DNS names. I have the following problem: I use a dialup-connection at home and want to grant SSH-access to our company server, but (of course) only for my IP. So I registered some dynamic DNS-service and applied the host "xxx.ath.cx". Now I added the necessary rules to ipchains, using this hostname. It was working fine. But after I reconnected (and got a new IP) it was not working anymore. Strange.

Then I re-checked the rules and saw that ipchains obviously resolves the IP of "xxx.ath.cx", reverse lookups it and inserts THIS result (which is now the hostname given by my provider) to the final rules.

So the original rule of:

    ipchains -I input 1 -j ACCEPT -l -p tcp -i eth0 -s xxx.ath.cx -d dst 22

is translated to: (ipchains -L)

    target     prot opt     source                                destination   ports
    ACCEPT     tcp  ----l-  L0099P99.dipool.highway.telekom.at    dst           any -> ssh

which is not really what I want.. :/

Is there any solution? Deleting and re-inserting these rules every minute via crontab is something I would not really like to do..

best regards,
E.

--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
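An added example, not part of the thread and not either poster's code: since the installed rule holds the address the name had when the rule was inserted, it has to be swapped when that address changes. The functions below plan that swap only on a real change and refuse anything that is not a plain IPv4 address. The function names, the STATE file and the APPLY switch are assumptions, and the caller supplies the freshly resolved address from whatever trigger is chosen.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, the STATE file and
# the APPLY switch are hypothetical. The rule text is the one from the post;
# "dst" is the poster's placeholder for the server address.

# Succeed only for a dotted-quad IPv4 address, so a hostname or garbage from
# the resolver never ends up inside a rule. Runs in a subshell to keep IFS local.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*.|*[0-9][0-9][0-9][0-9]*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the commands that move the SSH rule from address $1 to address $2.
# Prints nothing when the address is unchanged.
plan_rule_update() {
    old=$1 new=$2
    is_ipv4 "$new" || { echo "refusing non-IPv4 value: $new" >&2; return 1; }
    [ "$old" = "$new" ] && return 0
    if is_ipv4 "$old"; then
        echo "ipchains -D input -j ACCEPT -l -p tcp -i eth0 -s $old -d dst 22"
    fi
    echo "ipchains -I input 1 -j ACCEPT -l -p tcp -i eth0 -s $new -d dst 22"
}

# Compare the freshly resolved address ($1) with the one recorded in STATE and
# hand the plan to APPLY (default: cat, a dry run; "sh -e" would execute it).
sync_rule() {
    state=${STATE:-/var/run/ssh-allow.ip}
    prev=$(cat "$state" 2>/dev/null) || prev=
    plan=$(plan_rule_update "$prev" "$1") || return 1
    [ -n "$plan" ] || return 0
    printf '%s\n' "$plan" | ${APPLY:-cat} && printf '%s\n' "$1" > "$state"
}

# Stand-alone use: pass the address the dynamic DNS name currently resolves to.
[ $# -eq 0 ] || sync_rule "$1"
```

With the default APPLY the commands are only printed, and the state file still records the address so the next run with the same address prints nothing.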