On Friday 28 March 2003 01:26 am, seberino@xxxxxxxxxxxxxxx wrote:
> Steve
>
> Thanks for the email. Let me rerephrase my question.
> Perhaps I wasn't clear....
>
> How can you have a rule on your INPUT chain that
> only allows your local box's IP address if "local box IP address" can
> change without notice due to your DSL ISP's decision?

Have a cron job that compares the output from ifconfig for the given interface with the output from "iptables -n -L INPUT". If they differ, then the job can delete the current rule and insert a new one. I wrote something similar for my system to adapt to a slow-changing IP on my DSL and update my SNAT rule and a text file with the new IP.

It's unusual, however, to actually need to use your own IP in the INPUT chain, as the only destination IP's that should appear there are those of the box itself, either public (internet) private (lan) or localhost (127.0.0.1 typically) and those three situations can usually be determined by matching interface instead of IP. Normally the only time you'd need to match the IP in INPUT from the internet is when you have multiple public IP's, and usually in such cases they are static. (but not always, granted)

j
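
The cron job described in the reply above, sketched as an added example that is not the poster's own script. It assumes interface `ppp0` and that the managed rule carries the iptables comment tag `dynip` (both hypothetical names) so it can be found in the `iptables -n -L INPUT` listing; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed: interface ppp0, and a rule
# tagged with the iptables comment "dynip" so the job can find its own rule.
IFACE=${IFACE:-ppp0}
TAG=${TAG:-dynip}
# First IPv4 address in ifconfig output on stdin ("inet addr:A" or "inet A").
iface_ip() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' | head -n 1
}

# Destination of the tagged rule in "iptables -n -L INPUT" output on stdin.
rule_ip() {
    awk -v tag="/* $TAG */" 'index($0, tag) && $5 ~ /^[0-9.]+$/ { print $5; exit }'
}

# Print the commands that bring the tagged rule in line with address $1.
# Prints nothing if already in sync; fails on a malformed address.
plan_update() {
    new=$1
    # Digits and dots in dotted-quad shape only: the plan may be fed to sh.
    case $new in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$new" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old=$(rule_ip)
    if [ "$old" = "$new" ]; then return 0; fi
    spec="-i $IFACE -m comment --comment $TAG -j ACCEPT"
    # Insert the new rule before deleting the old one so there is no gap.
    echo "iptables -I INPUT -d $new $spec"
    if [ -n "$old" ]; then echo "iptables -D INPUT -d $old $spec"; fi
}

# Live run from cron; DRY_RUN=1 (the default) prints the plan without applying.
main() {
    ip=$(ifconfig "$IFACE" | iface_ip)
    plan=$(iptables -n -L INPUT | plan_update "$ip") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$plan"; else printf '%s\n' "$plan" | sh; fi
}

# Constructed sample data (documentation addresses) for the offline run.
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.7  P-t-P:198.51.100.1  Mask:255.255.255.255'
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.0.2.44           /* dynip */'

if [ "${1:-}" = "--live" ]; then
    main
else
    printf '%s\n' "$SAMPLE_RULES" | plan_update "$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_ip)"
fi
```

If the interface has no address, `plan_update` fails on the empty value and the existing rules are left untouched.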