
Re: iptables-save/restore with dynamic IP

also sprach Martin G.H. Minkler <dukeofnukem@gmx.net> [2004.10.21.1345 +0200]:
> >iptables-restore < file
> Sorry, beginner's idiocy, copying stuff from a tutorial he read.

No reason to be sorry. It took me a while to learn this too...

> Although it is hardly imaginable that someone <tm> manages to
> spoof the interface match, I wanted my rules as tight as possible
> thus using interface _and_ DynIP ('$IPTABLES -A INPUT -p tcp -d
> $IP_INET -i $DEV_INET -m state --state NEW -j BLACKLIST') - it
> would naturally all be solved if I refrained from using variables
> and resorted to -i ppp0 instead.

Why do you want your rules to be as tight as possible? While
I fundamentally agree with this approach, I don't really see an
added value for limiting the destination address.

> But since I'm experimenting and learning, some non-pragmatical 
> approaches may occur, especially since I want to keep the script as 
> generic/cross-distro-usable as possible :-)

You do know that there are plenty of firewall scripts for iptables
already, right?

Please do not CC me when replying to lists; I read them!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
