iptables-save/restore with dynamic IP

To: debian-firewall@lists.debian.org
Subject: iptables-save/restore with dynamic IP
From: "Martin G.H. Minkler" <dukeofnukem@gmx.net>
Date: Wed, 20 Oct 2004 14:20:56 +0200
Message-id: <[🔎] 41765828.9090504@gmx.net>
Reply-to: ifpadmin@uni-bonn.de

Alohá!

Trying to insert a 1.4MB blacklist as quickly as possible it was pointedout to me to use the iptables-save command which outputs whole tables inone go and can naturally be piped into a file ('cat <file>iptables-restore' will restore that table accordingly) rather thanrunning a huge shellscript that makes iptables retrieve the wholeruleset from kernelspace, update it and reinsert it (takes around 30 minfor this list).

Unfortunately I am working with a dynamically assigned IP that is passedto the iptables script called in /etc/ppp/ip-up by pppd.

Now, the best tutorial ever <tm> http://iptables-tutorial.frozentux.netstates that there are a few more or less clumsy workarounds by sed-ingthe iptables-save file for the ips and replacing them with the validvalues for each connection cycle (every 24h), saving to a tmp-file andthen iptables-restoring that table. While I can see that it is possiblethat way I still was wondering whether there is a more elegant solutionto this...



Thank You all for Your donation of brainpower!

Martin

Reply to:

Follow-Ups:
- Re: iptables-save/restore with dynamic IP
  - From: martin f krafft <madduck@debian.org>
- Re: iptables-save/restore with dynamic IP
  - From: deb list <deb@newproject.pl>

Prev by Date: Re: iptables -A or iptables -I?
Next by Date: Re: Optimizing Kernel for huge iptables ruleset
Previous by thread: Re: Mail Delivery (failure jkhoo@macsense.com.au)
Next by thread: Re: iptables-save/restore with dynamic IP
Index(es):
- Date
- Thread