Re: Dynamic IP address in a rule?

> Just because of that I don't like dynamic IPs. But, are you using more
> than one IP on that interface?? So, if you use more than one, there
> is only one you don't know (probably); specify the rules for the ones
> you know first!!
> If you have only one IP address, try simply doing the rule for the
> incoming interface and be happy ;)
>
> Another way is to set your after-dhcp script to reload your firewall!!

That is no solution. It may be for your scenario but not for most
people. Just think: if what makes the connection is a modem, and you have
your *unix machine on NAT, that won't work.
Second, imagine that you have a fixed IP, and want to allow, for a situation,
somebody that has a dynamic IP, and allow it with its dynamic host; how
would you? You wouldn't. The best way is to write some sort of script to
check when the IP of the host changes, and remove/reinsert the rule with
the dynamic host.

For iptables to do a DNS query every time a packet comes, that's a disaster.
But another thing comes to mind: when doing "iptables -L" it does a reverse
lookup on the IPs. Is iptables doing a reverse lookup on every packet, or
only when listing the rules?

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
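The script the reply describes (poll the dynamic hostname, and when its address changes remove the old rule and insert a new one), as an added example that is not code from this thread or from the netfilter project. The hostname `dyn.example.net`, the state file `/var/run/dynhost.ip`, the rule body (accept TCP/22 from that host) and the decision to leave the existing rule untouched when the lookup fails are all assumptions made for the example. Note the trust boundary: an allow rule keyed on a DNS name is only as trustworthy as the resolver answer, so the script refuses anything that is not a well-formed dotted quad before it reaches iptables, and the rule is kept as narrow as possible.

```shell
#!/bin/sh
# dynhost.sh: keep one iptables ACCEPT rule in sync with a dynamic hostname.
# Added example, not code from the netfilter thread. Hostname, state-file
# path and the rule body are illustrative assumptions; run it from cron.

HOST="${HOST:-dyn.example.net}"           # assumed dynamic hostname
STATE="${STATE:-/var/run/dynhost.ip}"     # assumed file caching the last IP
IPTABLES="${IPTABLES:-iptables}"          # set to ':' for a dry run
RULE_TAIL="-p tcp --dport 22 -j ACCEPT"   # assumed rule body (SSH from HOST)

# Print the first IPv4 address the resolver returns for a hostname, or nothing.
resolve_host() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Return 0 only for a well-formed dotted quad. The lookup result is untrusted
# input, so nothing else is ever passed to iptables.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $1
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# sync_rule OLD NEW: remove the rule for OLD and insert one for NEW, but only
# when they differ. Prints one word describing what it did.
sync_rule() {
    old="$1"; new="$2"
    if ! is_ipv4 "$new"; then
        # Lookup failed or returned garbage: keep the existing rule as it is
        # (a design choice for this example) rather than insert a bad one.
        echo "lookup-failed"
        return 0
    fi
    if [ "$old" = "$new" ]; then
        echo "unchanged"
        return 0
    fi
    if [ -n "$old" ]; then
        # -D fails if the rule was flushed meanwhile; that is not fatal.
        $IPTABLES -D INPUT -s "$old" $RULE_TAIL 2>/dev/null || :
        action="replaced"
    else
        action="inserted"
    fi
    $IPTABLES -I INPUT -s "$new" $RULE_TAIL || return 1
    echo "$action"
}

main() {
    old=""
    [ -r "$STATE" ] && old=$(cat "$STATE")
    new=$(resolve_host "$HOST")
    result=$(sync_rule "$old" "$new") || exit 1
    echo "$HOST: $result (old=${old:-none} new=${new:-none})"
    case "$result" in
        inserted|replaced) printf '%s\n' "$new" > "$STATE" ;;
    esac
}

# Only act when invoked as "dynhost.sh run", so the functions can be sourced.
case "${1:-}" in
    run) main ;;
esac
```

A cron entry such as `*/5 * * * * HOST=dyn.example.net /usr/local/sbin/dynhost.sh run` polls every five minutes; `IPTABLES=: sh dynhost.sh run` shows what the script would decide without touching the chains. On the question at the end of the message: the kernel matches packets against the numeric address stored in the rule, and the reverse lookups only happen in userspace when `iptables -L` is run without `-n`, so `iptables -L -n` lists the rules without any DNS traffic at all.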