Re: routing help on dual homed box
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 07 January 2002 01:22 pm, Willi Dyck wrote:
> On Mon, Jan 07, 2002 at 01:20:48PM -0600, Ron Johnson did this all
over the keyboard:
> > However, with a dhcp-assigned fully-routable IP address, how
> > can you create rules on it without 1st knowing the address?
> > So, mustn't you make it S38firewall?
> >
> > Of course, if you have a dhcp-assigned address that never
> > changes, I guess you could fudge things.
>
> why do you care about your ip address?
>
> iface=<your device>
>
> ifconfig ${iface} | grep 'inet' | cut -d: -f2 | cut -d " " -f1
So, to block port 1524, I can say
ipchains -A input -p tcp -s 0/0 1524 -j DENY -l -i $iface
instead of
ipchains -A input -p tcp -s 0/0 -d $out_ip/255.255.255.0 \
1524 -j DENY -l
- --
+------------------------------------------------------------+
| Ron Johnson, Jr. Home: ron.l.johnson@home.com |
| Jefferson, LA USA http://ronandheather.dhs.org:81 |
| |
! "Fair is where you take your cows to be judged." !
! Unknown !
+------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8OgnMjTz5dS9Us5wRAnnAAKCCkn66sWR3S2TCdl3ZNoq4uR4DeQCcDoRA
nBK4r0uP+GQuMoMzJQLBEMA=
=Pcsf
-----END PGP SIGNATURE-----
Reply to: