Forgot something important:

you must add a jump from INPUT to the new rule

iptables -A INPUT -j CHECK_SSH_DYNDNS

so the rule becomes active :)

Also: add -m state --state NEW to CHECK_SSH_DYNDNS

HTH

Maxime Ducharme
Programmer / Network Security Specialist

----- Original Message -----
From: "Maxime Ducharme" <mducharme@xxxxxxxxxxxxxxxxxxx>
To: "Sebastian Docktor" <sebi@xxxxxxxxxxxx>; <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, March 09, 2005 10:17 AM
Subject: Re: Dynamic DNS

>
> Hello Sebastian
>
> Suggestion:
>
> 1. Create a script for this:
>
> check_ssh_dyndns.sh
> ##############################
> # create the chain, or empty it if it already exists
> iptables -t filter -N CHECK_SSH_DYNDNS 2>/dev/null || iptables -t filter -F CHECK_SSH_DYNDNS
>
> # read the DynDNS ip
> theHost=`host a.dyndns.org | awk '{print $4}'`
>
> # Add it to allowed SSH
> iptables -t filter -A CHECK_SSH_DYNDNS -p tcp --dport 22 -s "$theHost" -j ACCEPT
> ##############################
>
> In your firewall script call this script
> ./check_ssh_dyndns.sh
>
> In crontab, run this script every 5 mins (default
> DynDNS TTL). It will keep your dyndns host in the
> rules up to date.
>
> *** note that this script may need adjustment, I didn't
> test it, I'm sending an idea
>
> HTH
>
> Maxime Ducharme
> Programmer / Network Security Specialist
>
> ----- Original Message -----
> From: "Sebastian Docktor" <sebi@xxxxxxxxxxxx>
> To: <netfilter@xxxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, March 09, 2005 1:25 AM
> Subject: Dynamic DNS
>
> > Hi,
> >
> > I want to allow a Dynamic DNS Client to Access the SSH-Server
> > on my Firewall. But I don't want to open SSH for all IPs,
> > Is it possible that iptables always looks up the ip address from the
> > hostname, so that only the ip has access which is registered under
> > the dyndns?
> >
> > --
> > Sebastian Docktor <sebi@xxxxxxxxxxxx>
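
Added example, not part of the original thread: one way to write the refresh script discussed above so that only a validated IPv4 address from the `host` output reaches the firewall and the chain is replaced in a single `iptables-restore --noflush` commit. The `--apply` switch, the `DYN_HOST` variable and the function names are assumptions of this example; the chain name, the `host` lookup, the INPUT jump and `-m state --state NEW` follow the thread.

```shell
#!/bin/sh
# Added example (not from the thread). DYN_HOST and --apply are assumptions.
CHAIN=CHECK_SSH_DYNDNS
DYN_HOST=${DYN_HOST:-a.dyndns.org}

# True only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads `host` output on stdin and prints the first valid A record; alias,
# IPv6 and "not found" lines are skipped, and no match is a failure.
first_a_record() {
    while read -r _name w1 w2 addr _rest; do
        if [ "$w1 $w2" = "has address" ] && is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# Prints an iptables-restore fragment for the chain. Loaded with --noflush it
# empties and refills only this chain, so the jump from INPUT stays in place.
render_ruleset() {
    is_ipv4 "$1" || return 1
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    printf '%s\n' "-A $CHAIN -s $1/32 -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    printf 'COMMIT\n'
}

# Touch the firewall only when run as root with --apply (e.g. from cron).
if [ "${1:-}" = "--apply" ]; then
    ip=$(host -t A "$DYN_HOST" | first_a_record) || {
        echo "no valid A record for $DYN_HOST, chain left unchanged" >&2
        exit 1
    }
    render_ruleset "$ip" | iptables-restore --noflush
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -A INPUT -j "$CHAIN"
fi
```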