What you could do is to create a crontab with the following bash script

--start---
#!/bin/bash
# Re-resolve the hostname and update the INPUT rule when its address changes.

# Take the first A record only; NEWIP stays empty if the lookup fails.
NEWIP=`host klintan.cjb.net | awk '/has address/ {print $4; exit}'`
if [ -z "$NEWIP" ]
then
    # Lookup failed: keep the current rule rather than feed junk to iptables.
    exit 1
fi

if [ -f /etc/current_ip ]
then
    OLDIP=`cat /etc/current_ip`
else
    # 1st time run
    OLDIP="255.255.255.255/32"
fi

if [ "$NEWIP" != "$OLDIP" ]
then
    # -n keeps addresses and ports numeric so the greps below match reliably.
    RULENUM=`iptables -n -L INPUT --line-numbers | grep -wF "$OLDIP" | grep -w "tcp dpt:53" | awk '{print $1; exit}'`
    if [ -z "$RULENUM" ]
    then
        iptables -A INPUT -p tcp -s "$NEWIP" --dport 53 -j ACCEPT
    else
        iptables -R INPUT "$RULENUM" -p tcp -s "$NEWIP" --dport 53 -j ACCEPT
    fi
    echo "$NEWIP" > /etc/current_ip
fi
--end---

But I'm sure that there are other (and better) ways

/Klintan

> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> bill davidsen
> Sent: Tuesday, April 22, 2003 6:05 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: host names and IPs
>
>
> In article <003301c305a1$c04ab1a0$0500a8c0@xxxxxxxxxxx>,
> Florian Effenberger <floeff@xxxxxxxx> wrote:
>
> | I'm on Linux 2.4.20 with iptables 1.2.7a. I have a syntax as follows:
> |
> | ===
> | iptables -A INPUT -p tcp -s www.myhostname.com --dport 53 -j ACCEPT
> | ===
>
> What is it you're trying to do here? A packet with your
> source address would be going through the OUTPUT table, no?
> An INPUT packet with your own IP would be spoofed. Are you
> trying to accept DNS requests from yourself, in tcp (instead
> of normal udp) mode?
>
> | Now it seems that www.myhostname.com is resolved only the first time
> | the rule is set and that a fixed IP address is stored.
> |
> | However, www.myhostname.com has a dynamically assigned address and I
> | would like to have iptables resolve the IP address every time.
> |
> | Is that possible? If yes, how? Or will it produce too much load?
>
> There are several ways to re-resolve it, but I'm not clear on
> why you don't just specify by interface.
>
> How about some clarification on what you're trying to do,
> rather than how you want to do it?
> --
> bill davidsen <davidsen@xxxxxxx>
> CTO, TMR Associates, Inc
> Doing interesting things with little computers since 1979.
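
An added example, not part of the thread or anyone's posted script: a variant of the cron approach that keeps the dynamic rule in its own chain, so no `iptables -L` output has to be parsed, and that strictly validates the DNS answer before it reaches a firewall rule. The chain name `DYNHOST`, the hostname `dyn.example.net`, the state file path, the `--apply` switch and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: DYNHOST, dyn.example.net, /var/run/dynhost.ip.
# One-time setup: iptables -N DYNHOST; iptables -A INPUT -j DYNHOST
CHAIN=DYNHOST
HOST=dyn.example.net
STATE=/var/run/dynhost.ip

# Strict dotted quad: four decimal octets 0-255, no leading zeros.
# The body runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# First A record from `host` output on stdin; empty on NXDOMAIN or errors.
first_a_record() {
    awk '/ has address / {print $4; exit}'
}

# True only when the new value is a valid address and differs from the old one.
needs_update() {
    is_ipv4 "$2" && [ "$1" != "$2" ]
}

# Cron entry point: on a failed or bogus lookup the existing rule stays in place.
refresh() {
    new=$(host "$HOST" | first_a_record)
    old=$(cat "$STATE" 2>/dev/null)
    needs_update "$old" "$new" || return 0
    iptables -F "$CHAIN" &&
        iptables -A "$CHAIN" -p tcp -s "$new" --dport 53 -j ACCEPT &&
        printf '%s\n' "$new" > "$STATE"
}

# Only touch the firewall when explicitly asked to (e.g. from the cron entry).
if [ "${1:-}" = "--apply" ]; then refresh; fi
```

Between the flush and the append the chain is briefly empty, so the hostname is denied rather than the stale address allowed during that window.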