Re: Dynamic DNS


 



Hello Sebastian

Suggestion:

1. Create a script for this:


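check_ssh_dyndns.sh
##############################
#!/bin/sh
# create the chain (if it did not exist yet), then empty it
# (-D removes a single rule, and a chain referenced from INPUT cannot be deleted)
iptables -t filter -N CHECK_SSH_DYNDNS 2>/dev/null
iptables -t filter -F CHECK_SSH_DYNDNS

# read the DynDNS ip (first "has address" line only)
theHost=`host a.dyndns.org | awk '/has address/ {print $4; exit}'`

# Add it to allowed SSH (-j ACCEPT is required, a rule without a target only counts packets)
if [ -n "$theHost" ]; then
    iptables -t filter -A CHECK_SSH_DYNDNS -p tcp --dport 22 -s "$theHost" -j ACCEPT
fi
##############################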


In your firewall script call this script
./check_ssh_dyndns.sh



In crontab, run this script every 5 mins (default
DynDNS TTL). It will keep your dyndns host in the
rules up to date.

*** Note that this script may need adjustment; I haven't
tested it, I'm sending an idea

HTH

Maxime Ducharme
Programmeur / Spécialiste en sécurité réseau

----- Original Message ----- 
From: "Sebastian Docktor" <sebi@xxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, March 09, 2005 1:25 AM
Subject: Dynamic DNS


> Hi,
>
> I want to allow a Dynamic DNS Client to Access the SSH-Server
> on my Firewall. But I don't want to open SSH for all IPs,
> Is it possible that iptables always looks up the ip address from the
> hostname, so that only the ip has access which is registrated under
> the dyndns?
>
>
> -- 
> Sebastian Docktor <sebi@xxxxxxxxxxxx>
>
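
Added example, not part of the original post or thread: the `$4` field of `host` output is only an address on a "has address" line (on an NXDOMAIN or alias line it is a word such as "found:" or "alias", which iptables would then treat as a hostname for -s), so this version parses and validates the address before touching the chain. The function names are hypothetical, and the "<name> has address <ip>" output format of `host` is assumed; the hostname and chain name are the ones from the post.

```sh
#!/bin/sh
# Added example, not from the thread. DYN_HOST and CHAIN reuse the post's names.
DYN_HOST="a.dyndns.org"
CHAIN="CHECK_SSH_DYNDNS"

# Print the first IPv4 address in `host` output read from stdin.
# Only "<name> has address <ip>" lines count, so NXDOMAIN, alias and
# IPv6 lines never reach iptables as a bogus -s argument.
first_ipv4() {
    awk '$2 == "has" && $3 == "address" { print $4; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule specification for address $1, or fail if it is not valid.
rule_spec() {
    is_ipv4 "$1" || return 1
    echo "-p tcp --dport 22 -s $1/32 -j ACCEPT"
}

# Resolve first; touch the chain only once a valid address is in hand, so a
# failed lookup leaves the previous rule (and your SSH access) in place.
update_chain() {
    ip=$(host "$DYN_HOST" 2>/dev/null | first_ipv4)
    spec=$(rule_spec "$ip") || { echo "lookup failed, rules unchanged" >&2; return 1; }
    if [ "$1" != "--apply" ]; then echo "iptables -A $CHAIN $spec"; return 0; fi
    iptables -t filter -N "$CHAIN" 2>/dev/null
    iptables -t filter -F "$CHAIN" && iptables -t filter -A "$CHAIN" $spec
}

# Usage: check_ssh_dyndns.sh --dry-run | --apply | --selftest
case "${1:-}" in
    --apply|--dry-run) update_chain "$1" ;;
    # constructed sample input, prints 203.0.113.7
    --selftest) printf '%s\n' 'Host x not found: 3(NXDOMAIN)' 'a.dyndns.org has address 203.0.113.7' | first_ipv4 ;;
esac
```

The chain only takes effect once the firewall script jumps to it, for example with `iptables -A INPUT -p tcp --dport 22 -j CHECK_SSH_DYNDNS`; add that jump once there, not in the cron job, so it is not duplicated every 5 minutes.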


