Hi!
I've got a problem with ipchains. I have T-DSL, so I'm assigned a different IP address each time I connect to my provider. However, to block ports via ipchains I need to enter my dynamic IP as source/destination, so for dynamic IPs I've got to have a dynamic script, don't I?!? I thought about picking my IP from ifconfig by a command similar to this:
ifconfig | grep P-t-P | awk '{print $2}'
(I haven't really worked it out yet!) and then using this for a shell script that prints ipchains commands directly into the shell.
Greets, Jan!
Jan,
you don't have to set the IP each time you dial in. You can build rules by using the interface you use to dial up, e.g. ppp0. A rule to access NTP servers might be the following:
ipchains -A output --sport 123 --dport 123 -p udp -i $DEV_INET -j ACCEPT
ipchains -A input --sport 123 --dport 123 -p udp -i $DEV_INET -j ACCEPT
This rule is independent of the IP number but will allow only NTP traffic at $DEV_INET. (Standard rule for this device is deny.)
Hope that helps,
Ralf
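The interface-bound approach from the reply above, as an added example that is not part of the original thread: it prints the NTP rules plus a per-interface catch-all for review instead of running them. The `emit_rules` function, the `ALLOWED` table and the explicit `-j DENY` lines are assumptions about how the "standard rule is deny" could be expressed; `$DEV_INET` and the NTP rule are from the reply.

```shell
#!/bin/sh
# Added example: interface-bound ipchains rules, printed rather than executed.
# No IP address appears anywhere, so the rules survive a new dynamic address.

# Allowed services, one per line: protocol source-port destination-port
ALLOWED="udp 123 123"

emit_rules() {
    dev=$1
    # Accept only a plain interface name: the output is meant to be fed to a
    # root shell, so metacharacters and option-like names are refused.
    case $dev in
        ''|-*|*[!A-Za-z0-9_.-]*)
            echo "invalid interface: $dev" >&2
            return 1 ;;
    esac
    echo "$ALLOWED" | while read -r proto sport dport; do
        [ -n "$proto" ] || continue
        for chain in output input; do
            echo "ipchains -A $chain --sport $sport --dport $dport -p $proto -i $dev -j ACCEPT"
        done
    done
    # Assumed form of the default: everything else on this interface is
    # denied, whatever address the provider assigned.
    for chain in output input; do
        echo "ipchains -A $chain -i $dev -j DENY"
    done
}

# Print the rule set for the dial-up interface (ppp0 unless DEV_INET is set).
emit_rules "${DEV_INET:-ppp0}"
```

Once the printed rules look right, the output can be piped to `sh` as root; because ACCEPT lines are appended before the DENY lines, the order of the output matters.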
Participants (2): Jan Bloemen, Ralf Koch