Jan,

you don't have to set the IP each time you dial in. You can build rules by using the interface you use to dial up, e.g. ppp0. A rule to access NTP servers might be the following:

ipchains -A output --sport 123 --dport 123 -p udp -i $DEV_INET -j ACCEPT
ipchains -A input --sport 123 --dport 123 -p udp -i $DEV_INET -j ACCEPT

This rule is independent from the IP number but will allow only ntp traffic at $DEV_INET. (Standard rule for this device is deny).

Hope that helps,
Ralf
Hi!
I've got a problem with ipchains. I have T-DSL, so I'm assigned a different IP address each time I connect to my provider. However, to block ports via ipchains I need to enter my dynamic IP as source/destination, so for dynamic IPs I've got to have a dynamic script, don't I?!? I thought about picking my IP from ifconfig by a command similar to that:
ifconfig | grep P-t-P | awk '{print $2}'
(I haven't really worked it out yet!) and then using this for a shell-script, that prints ipchains-commands directly into the shell.
Greets, Jan!
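The interface-based approach from the reply, written out as a script; this is an added example and not part of either message. It prints the NTP rules for a dial-up interface and flags any rule that is pinned to a literal address. The function names, the ppp0 default and the trailing DENY rules (one reading of "standard rule for this device is deny") are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) interface-bound ipchains rules.
# Function names, the ppp0 default and the DENY rules are assumptions.

# Accept only plain interface names (ppp0, ippp0, eth1) so the value cannot
# smuggle extra options or shell syntax into the generated commands.
valid_dev() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the rule set for one dial-up interface. No IP address appears in it,
# so the same rules stay valid across every reconnect.
gen_rules() {
    dev=$1
    valid_dev "$dev" || { echo "bad interface name: $dev" >&2; return 1; }
    for chain in output input; do
        # NTP as in the reply: UDP, port 123 on both ends
        echo "ipchains -A $chain --sport 123 --dport 123 -p udp -i $dev -j ACCEPT"
    done
    for chain in output input; do
        # Assumed form of the per-device default: deny and log everything else
        echo "ipchains -A $chain -i $dev -j DENY -l"
    done
}

# Read rules on stdin and print those containing a literal IPv4 address.
# On a dynamic link such a rule stops matching after the next redial.
pinned_rules() {
    grep -E '(^|[^0-9.])([0-9]{1,3}\.){3}[0-9]{1,3}' || true
}

# Print the rules for the interface named in DEV_INET (default: ppp0).
gen_rules "${DEV_INET:-ppp0}"
```

Review the printed rules before piping them to a shell; because nothing depends on the assigned address, they can be loaded once at boot rather than on every dial-in.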