Rogier Maas said:
Hi,
I have a SuSE 6.3 box running as a firewall at school. It has an ISDN dialup, and I protect it using ipchains. I've made a script that loads the rules, and everything works fine....
Until the IP number changes.
When the box dials in again, it gets a different IP number. The ipchains-rules however, remain on the other, obsolete address. How can I fix this? Now I have to make a choice. Either I resubmit the rules on the new IP, or I skip the firewalling stuff, thus letting others in...
Can anyone help me with this? Is there a script I can run *before* the dialing?
According to the ipchains man page,

    -i, --interface [!] name
        Optional name of an interface via which a packet is received, or via which is packet is going to be sent. When this option is omitted, the empty string is assumed, which has a special meaning and will match with any interface name. When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match.

so it looks like you could do something like:

    /sbin/ipchains -A input -i ppp+ -s 123.45.67.0/24 -j DENY -l

(or whatever)

I would think you should be able to reformulate your rules to use this method instead of specifying the IP of the interface itself.

If that's not possible then you could always write yourself an ip-up script that rewrites the ipchains rules automatically.

-John
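The ip-up approach from the end of the reply above, as an added example that is not part of the original thread: the address-dependent rules live in their own chain, which the hook flushes and rebuilds with the new local address on every dial-in. The chain name `dialup`, the two sample rules, and the assumption that the ISDN daemon passes the same arguments as pppd are illustrative, not taken from the poster's setup.

```shell
#!/bin/sh
# Added example of an /etc/ppp/ip-up hook. pppd runs it as:
#   ip-up <interface> <tty> <speed> <local-ip> <remote-ip> [ipparam]
# Assumed setup (not from the thread): the main firewall script creates a
# chain named "dialup" and jumps to it once, by interface, not by address:
#   ipchains -N dialup; ipchains -A input -i ippp+ -j dialup
IPCHAINS=${IPCHAINS:-/sbin/ipchains}
CHAIN=dialup

valid_ipv4() {   # dotted quad, each octet 0-255
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_iface() {  # names starting ppp<digit> or ippp<digit> only
    case $1 in
        *[!a-z0-9]*) return 1 ;;
        ppp[0-9]*|ippp[0-9]*) return 0 ;;
    esac
    return 1
}

# Print the commands that rebuild the address-dependent rules.
build_rules() {
    iface=$1; ip=$2
    echo "$IPCHAINS -F $CHAIN"
    if ! valid_iface "$iface" || ! valid_ipv4 "$ip"; then
        # Fail closed: bad arguments leave the chain dropping everything.
        echo "$IPCHAINS -A $CHAIN -j DENY -l"
        return 1
    fi
    # Illustrative rules: drop spoofed packets that claim our own address,
    # and anything arriving on the link that is not addressed to us.
    echo "$IPCHAINS -A $CHAIN -i $iface -s $ip -j DENY -l"
    echo "$IPCHAINS -A $CHAIN -i $iface -d ! $ip -j DENY -l"
}

# Apply only when called with pppd's arguments.
if [ $# -ge 4 ]; then
    build_rules "$1" "$4" | sh
fi
```

Because the jump into the chain matches on the interface name, the box stays filtered between hang-up and the next dial-in; only the contents of `dialup` change.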