Mailinglist Archive: opensuse-security (359 mails)

New SuSEfirewall2 feature, what do u think?
  • From: "Mario Ohnewald" <mario.ohnewald@xxxxxx>
  • Date: Thu, 3 Jul 2003 14:01:26 +0200
  • Message-id: <KCEDJBGKMKIFFMDGHANOIEHOEDAA.mario.ohnewald@xxxxxx>
Hello!

I have been using SuSEfirewall2 for a while now, even on Debian systems.
But I was missing a feature that would let only a dynamic host access port
22.
E.g. you have an ISDN, DSL or cable dial-up account from your ISP, and your IP
changes every 24h.
Here is a little workaround, what do you think?


## Insert at the top of /sbin/SuSEfirewall2
# resolve IP of the dynamic host
newip=$(fping -A host.dyndns.org | awk '{print $1}')

# check if IP changed; if not, stop here and leave the loaded rules alone
if [ "$(cat /var/log/newip.log 2>/dev/null)" = "$newip" ]; then
    exit
fi

# write new IP to cache, then load firewall rules
echo "$newip" > /var/log/newip.log

# apply new rules: regenerate the custom hook file with the new IP filled in
echo "
fw_custom_before_antispoofing() {
    # allow SSH (port 22) only from the current IP of the dynamic host
    iptables -A INPUT -p tcp -s $newip --dport 22 -j ACCEPT
    true
}

fw_custom_before_port_handling() {
    true
}

fw_custom_before_masq() {
    true
}

fw_custom_before_denyall() {
    true
}" > /etc/rc.config.d/firewall2-custom.rc.config


Another Ring of Security ;)
Is the SuSEfirewall2 from Marc's homepage still up to date?


Cheers, Mario
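
The workaround above writes whatever the lookup prints into a file that the firewall script sources as root, so an empty or malformed answer ends up inside the rule. The following is an added example, not part of the original post or of SuSEfirewall2: it accepts the answer only if it is a strict IPv4 address before building the rule or updating the cache. The function names (valid_ipv4, ssh_allow_rule, update_cache) and the cache-file argument are assumptions.

```shell
#!/bin/sh
# Added example: check a resolved address before it reaches a firewall hook
# file that root sources. Function names and arguments are assumptions.

# Return 0 only for a dotted-quad IPv4 address, octets 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the port-22 allow rule for one source address; refuse invalid input.
ssh_allow_rule() {
    valid_ipv4 "$1" || return 1
    printf 'iptables -A INPUT -p tcp -s %s --dport 22 -j ACCEPT\n' "$1"
}

# update_cache NEWIP CACHEFILE
# Returns 0 and stores NEWIP if it differs from the cached value,
# 1 if unchanged, 2 if NEWIP is not a valid address (cache left untouched).
update_cache() {
    valid_ipv4 "$1" || return 2
    [ -r "$2" ] && [ "$(cat "$2")" = "$1" ] && return 1
    tmp="$2.$$"
    ( umask 077; printf '%s\n' "$1" > "$tmp" ) && mv "$tmp" "$2"
}

# Constructed resolver answers (documentation addresses, not real lookups).
for answer in 192.0.2.10 '192.0.2.10; id' 192.0.2.999 ''; do
    ssh_allow_rule "$answer" || echo "rejected: '$answer'"
done
```

Even with validation, the rule trusts whoever controls the dynamic DNS record, so port 22 still needs its own authentication hardening.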



