Thanks, that's also a good idea. I'll try that too :) On Sat, 2004-02-21 at 19:23, c0ldbyte wrote: > How about a faster way to do that, that is static to any interface that > pops up, "iptables -A INPUT -i ! lo --tcp-flags SYN,FIN SYN,FIN -j DROP" > that will protect every interface that is not lo(Loop Back). > > On Sat, 21 Feb 2004 19:49:22 -0300 > Alexis <alexis@xxxxxxxxxxxx> wrote: > > > A fast way to do this is with a script and something like this (could > > be a lot of other options and ways to do this) > > > > MY_IP=`ifconfig eth0 | grep "inet addr" | cut -d':' -f2 | cut -d' ' > > -f1` > > > > and then > > iptables -A INPUT -p tcp -d $MY_IP --tcp-flags SYN,FIN SYN,FIN -j DROP > > > > of course, you need to change eth0 to the interface that you need to > > obtain an ip address. > > > > If this interface is related to an ppp interface it could be easy, in > > a file called ip-up in /etc/ppp you could set your script with the > > following vars > > > > # When the ppp link comes up, this script is called with the following > > # parameters > > # $1 the interface name used by pppd (e.g. ppp3) > > # $2 the tty device name > > # $3 the tty device speed > > # $4 the local IP address for the interface > > # $5 the remote IP address > > # $6 the parameter specified by the 'ipparam' option to pppd > > > > > > pppd executes this script when it comes up > > > > so you can use $1 where i put $MY_IP in the iptables command. > > > > then, if you need to change some parameters when the ppp connection > > cames down, just set it in ip-down > > > > and thats it > > > > > > > > > > Hello Anthony, > > > > Saturday, February 21, 2004, 9:46:59 AM, you wrote: > > > > AdAL> Hi, I would like to add a certain rule to my firewall, but I have a > > AdAL> dynamic IP, I'm wondering if there is some way I can work with this > > AdAL> the line is as follows: > > > > AdAL> iptables -A INPUT -p tcp -d <MyDynamicIP> --tcp-flags SYN,FIN SYN,FIN -j > > AdAL> DROP > > > > AdAL> Thanks for any information you can provide. > > > > AdAL> --tony > > > > > > -- > > Best regards, > > Alexis mailto:alexis@xxxxxxxxxxxx > > > > > > -- --------------------------------------------------------------- Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html
