
Re: iptables-save/restore with dynamic IP

martin f krafft wrote:
> also sprach Martin G.H. Minkler <dukeofnukem@gmx.net> [2004.10.20.1420 +0200]:
>
>> ('cat <file> | iptables-restore' will restore that table
>
> another useless use of cat
>
> iptables-restore < file

Sorry, beginner's idiocy, copying stuff from a tutorial he read.

>> Unfortunately I am working with a dynamically assigned IP that is passed to the iptables script called in /etc/ppp/ip-up by pppd.
>
> Why do you care about your IP in the firewall rules? Use interface
> matching instead!

Although it is hardly imaginable that someone <tm> manages to spoof the interface match, I wanted my rules as tight as possible, thus using interface _and_ DynIP ('$IPTABLES -A INPUT -p tcp -d $IP_INET -i $DEV_INET -m state --state NEW -j BLACKLIST') - it would naturally all be solved if I refrained from using variables and resorted to -i ppp0 instead.

But since I'm experimenting and learning, some non-pragmatical approaches may occur, especially since I want to keep the script as generic/cross-distro-usable as possible :-)

Thanks anyway
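
One way to keep both the `-d $IP_INET` and the `-i $DEV_INET` match from the rule quoted above while still loading the ruleset with `iptables-restore`, shown as an added example that is not part of the original message. The template, the `@IP_INET@`/`@DEV_INET@` tokens and the function names are assumptions of this example; the values are validated before they are substituted into the ruleset.

```sh
#!/bin/sh
# Added example (not from the thread). Constructed rules template in
# iptables-save format; @IP_INET@ and @DEV_INET@ are placeholder tokens
# invented here, and the chain policies are sample values.
RULES_TEMPLATE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:BLACKLIST - [0:0]
-A INPUT -p tcp -d @IP_INET@ -i @DEV_INET@ -m state --state NEW -j BLACKLIST
COMMIT'

# Dotted-quad IPv4 only, every octet 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Interface names: at most 15 characters from a conservative set.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# render_rules DEV IP: print the ruleset with both values filled in.
render_rules() {
    valid_ifname "$1" || { echo "bad interface: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    printf '%s\n' "$RULES_TEMPLATE" |
        sed -e "s/@DEV_INET@/$1/g" -e "s/@IP_INET@/$2/g"
}

# As an ip-up hook, pppd passes the interface as $1 and the local IP as $4.
# Render first, so a rejected value never reaches iptables-restore.
if [ "$#" -ge 4 ]; then
    rules=$(render_rules "$1" "$4") && printf '%s\n' "$rules" | iptables-restore
fi
```

By default `iptables-restore` replaces the current contents of every table named in its input, so the template has to carry the complete filter ruleset, not only the address-dependent rule.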
