On Sat, 1 Jan 2000, Robert C. Paulsen, Jr. wrote: rp> Rogier Maas wrote: rp> > rp> > Hi, rp> > rp> > When the box dials in again, it gets a different IP number. The rp> > ipchains-rules however, remain on the other, obsolete address. How can I rp> > fix this? Now I have to make a choice. Either I resubmit the rules on rp> > the new IP, or I skip the firewalling stuff, thus letting others in... rp> > rp> > Can anyone help me with this? Is there a script I can run *before* the rp> > dialing? rp> > rp> > Thanks, rp> > rp> rp> Rogier, rp> rp> Take a look at the new firewals package (yes, that's spelled right!) rp> in the sec group. There is an update on SuSE's web page. It is a rp> script called /sbin.init.d/firewall (and yes, this too is spelled rp> right!) that builds up a nice set of ipchains rules based on the rp> actual state of the networking, taking into acount dynamically rp> assigned IP addresses. It is controlled by a config file: rp> rp> /etc/rc.firewall rp> rp> I run the script in /etc/ppp/ip-up.local and ip-down.local rp> I'm not sure if that will work for all instances though, what if the person is using an ethernet card out to an external isdn box say a ascend pipeline or similar. In which case an isdn connection doesn't trigger the ip-up and ip-down routines thus eliminating that as an option. For a modem or an isdn card, that will work as you can select the appropriate device in the network configuration menu of yast, but when it goes through an ethernet card, you need to setup the device as ethernet which won't trigger the routines. Or has someone worked around that which I'm not aware of at this time? rp> -- S.Toms - tomas@primenet.com - homepage is in the works SuSE Linux v6.2+ - Kernel 2.2.13 "In order to make an apple pie from scratch, you must first create the universe." -- Carl Sagan, Cosmos -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/