Goal

Add a iptables rule for a dynamic changing IP with an associated dyndns host.

How to make your computer register your changing IP

#apt-get install inadyn

Create a /etc/inadyn.conf

#cat /etc/inadyn.conf
--username ********
--password ********
--update_period 60000
--alias *****.dyndns.org
--background

Start the process:

/usr/sbin/inadyn

Make it start at reboot:

#crontab -l
@reboot /usr/sbin/inadyn

First idea

Use the hostname directly in iptables. There are 2 problems:

  • the iptables manual says (quote):
-s, --source [!] address[/mask]              
Source specification.  Address can be either a network  name,  a              
hostname  (please  note  that specifying any name to be resolved              
with a remote query such as DNS is a really bad idea), a network              
IP address (with /mask), or a plain IP address.
  • the hostname is resolved only once when the rule is executed. It will not be checked each time (which is good by the way otherwise the firewall would not work anymore)

Second idea

Create a simple script which can be started by cron and will check from time to time, for a period and update the rules as needed

#!/bin/bash

#allow a dyndns name

HOSTNAME=myname.dyndns.org
CHECK_INTERVAL=1
#minutes
CHECK_FOR=480
#minutes equivalent for 8 hours

IP=$(host $HOSTNAME | cut -f4 -d' ')
echo Allow $IP here
#add the rules to allow access here
while [ $CHECK_FOR -gt 1 ]; do
sleep 1m
echo Tick $CHECK_FOR
OIP=$IP
IP=$(host $HOSTNAME | cut -f4 -d' ')
if [ $OIP != $IP ]; then
echo Not allow $OIP here
#clean up rules here
echo Allow $IP here
#allow rules here for new IP
fi
let CHECK_FOR=CHECK_FOR-1done
echo Not allow $IP here
#clean up rules here

Not much but simple. Hope it helps.

Comments:

bob -

Hello Len,

Thanks for this script although i am getting this error message when i run it, and it will run decrease the Tick every minute…Any ideas?
Thanks,

Tick 480
bash: [: too many arguments


Len -

The script is not complete, you should add your iptables rules, maybe there is an error there somewhere.


iptables allow dyndns domain name and auto update rules Drija -

[…] This blo post discusses the issue and sketches a solution. October 13, 2010 9:16 am Anonymous Good answer. Again I’ve to use script. Ok, how about if use mac address in the iptable rules October 13, 2010 9:54 am Riccardo Murri @user3215 MAC addresses stay local to your LAN; they will not travel across internet routers. October 13, 2010 9:57 am […]


con-f-use -

To post actual examples of the “clean up rules” and “add rules” would be great! Thx.