| View previous topic :: View next topic |
| Author |
Message |
strider2003
Apprentice
Joined: 14 Sep 2003
Posts: 151
Location: Spain
|
 Posted: Sun Sep 14, 2003 3:53 pm Post subject: Iptables & dhcp |
 |
|
I'm making a script for iptables. I have a cable connection with dhcp.
I would like to have a variable in the script like
IPADDR="my-ip-address"
so that i can use this variable in the rules.
The problem is that i don't know how to make this variable to have always the current ip address. |
|
| Back to top |
|
 |
skunk
l33t
Joined: 28 May 2003
Posts: 646
Location: granada, spain
|
| Posted: Sun Sep 14, 2003 4:15 pm Post subject: |
|
|
| Code: |
IPADDR=`/sbin/ifconfig eth0 | grep "inet addr" | cut -d: -f2 | cut -d' ' -f1`
|
|
|
| Back to top |
|
|
strider2003
Apprentice
Joined: 14 Sep 2003
Posts: 151
Location: Spain
|
| Posted: Sun Sep 14, 2003 4:21 pm Post subject: |
|
|
That's cool, thanks.
But I have another problem. The ip can change with the computer running. If it happens, how can i update the script, so that the rules refer to the new ip address.
Thanks again. |
|
| Back to top |
|
|
skunk
l33t
Joined: 28 May 2003
Posts: 646
Location: granada, spain
|
| Posted: Sun Sep 14, 2003 4:52 pm Post subject: |
|
|
you can put your firewall script as a cron job which executes for example every 5 minutes
you can install shorewall which is really simple to configure
you can... |
|
| Back to top |
|
|
Decibels
Veteran
Joined: 16 Aug 2002
Posts: 1630
Location: U.S.A.
|
| Posted: Sun Sep 14, 2003 4:56 pm Post subject: |
|
|
How bout this:
| Code: | ifconfig | grep -m1 'inet addr' | awk '{print $2}' | awk '
BEGIN{FS=":"} {print $2}' |
Darn, someone already posted. Well, this is another way.
Are you sure your ip address can change while computer is up? Dhcp usually leases a address to the computer and don't think it will change while computer is up. Maybe if up past the lease, but not sure on that either.
If I am wrong, maybe you could right a script to check the ip address and put it in cron. But I would think still you would have to stop and start iptables to apply the changes.
_________________
Support bacteria – they’re the only culture some people have.”
– Steven Wright |
|
| Back to top |
|
|
iarkin
n00b
Joined: 04 Apr 2003
Posts: 18
Location: Left at Sirius, second star to the right
|
| Posted: Sun Sep 14, 2003 5:30 pm Post subject: |
|
|
Also, you could consider shorewall, it's really easy to configure. And it supports dynamically assigned IPs (dhcp)
After you install you can find all you need at www.shorewall.net, guides, config templates, joy and relief. 
/iarkin |
|
| Back to top |
|
|
fragbert
Tux's lil' helper
Joined: 18 Apr 2003
Posts: 75
Location: Dallas, TX
|
| Posted: Mon Sep 15, 2003 5:05 am Post subject: Re: Iptables & dhcp |
|
|
| strider2003 wrote: | I'm making a script for iptables. I have a cable connection with dhcp.
I would like to have a variable in the script like
IPADDR="my-ip-address"
so that i can use this variable in the rules.
The problem is that i don't know how to make this variable to have always the current ip address. |
Alternatively, you can just specify the interface when defining the rule, as opposed to using the IP address. This assumes that you aren't using the interface for anything other than the cable modem connections. So:
#iptables -A INPUT -i eth0 -p tcp --dport 25 -j DROP
Will drop tcp/25 traffic regardless of what address the interface got.
Good luck,
Michael |
|
| Back to top |
|
|
|
Networking & Security
