question ipchain-ip address
Hi I'm writing custom ip chains and am filtering out ip addresses that are not mine. the book i bought on ipchains specifys a static ip address for me in the chains but my internet provider gives me a dynamic ip address on my modem connection. How can I associate the dynamic address with the static address in my ip chains? Is there a better way? PLEASE HELP
On Sun, 9 Sep 2001, J Barnes wrote:
I'm writing custom ip chains and am filtering out ip addresses that are not mine. the book i bought on ipchains specifys a static ip address for me in the chains but my internet provider gives me a dynamic ip address on my modem connection. How can I associate the dynamic address with the static address in my ip chains? Is there a better way? In most situations it is enough to specify the interface only (-i ppp0) and don't care about the ip.
hth Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
Am Montag, 10. September 2001 07:42 schrieben Sie:
I'm writing custom ip chains and am filtering out ip addresses that are not mine. the book i bought on ipchains specifys a static ip address for me in the chains but my internet provider gives me a dynamic ip address on my modem connection. How can I associate the dynamic address with the static address in my ip chains? Is there a better way?
I guess you want to deny packets that seems to come from yourself? I that case you have to start yout firewallscript every time you get a new ip / every time you dial in. So place it in /etc/ppp/ip-up.local Best regards Christian Uhde -- Christian Uhde uhde@growler.de http://www.christian-uhde.de --
On Sun, 09 Sep 2001 16:16:38 -0500, J Barnes wrote:
Hi I'm writing custom ip chains and am filtering out ip addresses that are not mine. the book i bought on ipchains specifys a static ip address for me in the chains but my internet provider gives me a dynamic ip address on my modem connection. How can I associate the dynamic address with the static address in my ip chains? Is there a better way?
PLEASE HELP
You can call the ipchains script from the ip-up script which is executed after dialup. One of the parameters within ip-up is the IP address your ISP allocated for you. But you should remember to flash the chains before you add rules to them at dialup or when the link goes down, otherwise you might be unconsciously adding the rules again every time you dialin. Another way would be to use interfaces (e.g. -i ppp0) because you won't normaly have incoming traffic that comes from your own address on the outside interface (at least I never experienced that). To allow local (you machine only) traffic use -i lo to specify the loopback device as interface. Hope this helps. Regards, Martin Brecher --- fork (2) - New processes are created by other processes, just like new humans. New humans are created by other humans, of course, not by processes. (Unix System Administration Handbook)
participants (4)
-
Christian Uhde
-
J Barnes
-
Markus Gaugusch
-
Martin Brecher