RE: Firewalling with DHCP client
> Michael Wood wrote:
> > Depending on exactly what it is you're doing in your script, you
> > might be able to set up the rules based on the interface instead
> > of the IP address. This way you can set up the firewall rules
> > on boot before you even bring up the networking and not have to
> > change them when your IP address changes.
Basically I have modified /etc/init.d/networking to execute my netfilter
script before any interfaces are brought up. All rules are based on the
and not the IP address. I've also added a few extra features to the
init script to improve performance and security. (I posted it in a
about two months ago)
> Michel D'HOOGE wrote:
> In most of the firewall examples, there are antispoofing rules at the
> beginning. And in this case, you need your IP address. However the
> kernel can check IP spoofing directly (rp_filter in 2.2) but I don't
> know what it is doing exactly.
What I want to do is have an IP spoof protection script execute after
the interfaces are brought up. I've already found a good example over at
www.linux-firewall-tools.com. Now I only need to implement it.
> Bernd Harmsen wrote:
> [From the book "Linux Firewalls"]
> Every time the IP changes, pump rewrites the /etc/resolv.conf and can
> call a script. Add a line like the following to your /etc/pump.conf
> script /etc/pump.skriptname
> There are three parameters transferred to the script:
> $1 Reason
> $2 Interface
> $3 New IP
> Hope that helps,
Funny how they never include information like that in the manual pages.
experiment with that later tonight and let you know how it turns out.
Thanks for all your help guys,
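
The approach discussed in this thread, sketched as an added example that is not code from any of the posters: a hook for the `script` line in /etc/pump.conf that rebuilds the address-dependent anti-spoofing rules whenever the lease changes. It assumes iptables, the reason values documented in pump(8) (`up`, `renewal`, `down`), and a hypothetical chain named `ANTISPOOF` that the boot-time interface-based script has already created.

```shell
#!/bin/sh
# Hook for the "script" line in /etc/pump.conf.
# pump passes: $1 reason, $2 interface, $3 new IP (as listed in the thread).
IPT=${IPT:-iptables}   # set IPT=echo for a dry run that prints the rules
CHAIN=ANTISPOOF        # hypothetical chain; the boot-time script creates it
                       # and jumps to it from INPUT and FORWARD

# Accept only a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rebuild the chain for the current lease. Returns 2, leaving the existing
# rules untouched, when an argument does not look like what pump should send.
antispoof_rules() {
    reason=$1 iface=$2 ip=$3
    case "$iface" in
        ""|*[!A-Za-z0-9_.:-]*) return 2 ;;
    esac
    case "$reason" in
        up|renewal)
            valid_ipv4 "$ip" || return 2
            # Packets arriving on the DHCP interface must not claim our own
            # address or a loopback address as their source.
            $IPT -F "$CHAIN" &&
            $IPT -A "$CHAIN" -i "$iface" -s "$ip" -j DROP &&
            $IPT -A "$CHAIN" -i "$iface" -s 127.0.0.0/8 -j DROP ;;
        down)
            $IPT -F "$CHAIN" ;;
        *)  return 2 ;;
    esac
}

# Runs only when pump (or an admin) calls the script with arguments.
if [ $# -ge 2 ]; then
    antispoof_rules "$@" || exit 1
    # Also switch on the kernel's reverse-path check (rp_filter) here.
    [ "$1" = down ] || echo 1 > "/proc/sys/net/ipv4/conf/$2/rp_filter"
fi
```

The arguments are validated before any rule is touched because the address originates from a DHCP reply, which is not a trusted source.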