Re: shorewall dynip problem

To: debian-firewall@lists.debian.org
Subject: Re: shorewall dynip problem
From: Dominique Fortier <dfortier@Contre.COM>
Date: 23 Jan 2003 17:10:47 -0500
Message-id: <[🔎] 1043359847.785.162.camel@helium>
In-reply-to: <[🔎] 3E304B0C.3334.55A2F76@localhost>
References: <[🔎] 3E304B0C.3334.55A2F76@localhost>

Marci Phil !

Now that you specify it I recall reading this in the shorewall doc !

Maybe something like :

*/2 * * * * root shorewall reload

in /etc/crontab could do the trick.

That laptop gets its ip in a class B range so for now i accept that range when they require it.

TIA !

On Thu, 2003-01-23 at 14:05, Philippe Gaudron wrote:

> Helo all !
> 
[...]
> 
> ACCEPT:info     net:thelaptop.dynip.com    loc:192.168.0.10    tcp  
> http,https  -  all

As said in shorewall documentation 
(http://www.shorewall.net/configuration_file_basics.htm#dnsnames):

- WARNING: I personally recommend strongly against using DNS names in Shorewall 
configuration files

- When a DNS name appears in a rule, the iptables utility resolves the name to 
one or more IP addresses and inserts those addresses into the rule. So changes 
in the DNS->IP address relationship that occur after the firewall has started 
have absolutely no effect on the firewall's ruleset.


You have to find another way to restrict access to your internal Web server :( 
Authentication, SSL ?

Regards/cordialement,

Cordialement,

--
Philippe Gaudron


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Dominique Fortier
Consultant en Solutions Libres

Reply to:

References:
- Re: shorewall dynip problem
  - From: "Philippe Gaudron" <pgbob@wanadoo.fr>

Prev by Date: Re: shorewall dynip problem
Next by Date: network topology mapping
Previous by thread: Re: shorewall dynip problem
Next by thread: network topology mapping
Index(es):
- Date
- Thread