Goal
Add an iptables rule for a dynamically changing IP address that has a DynDNS hostname associated with it.
How to make your computer register its changing IP
#apt-get install inadyn
Create /etc/inadyn.conf (it holds your DynDNS password, so make it readable by root only, e.g. chmod 600 /etc/inadyn.conf):
#cat /etc/inadyn.conf
--username ********
--password ********
--update_period 60000
--alias *****.dyndns.org
--background
Start the process:
/usr/sbin/inadyn
Make it start at reboot:
#crontab -l
@reboot /usr/sbin/inadyn
First idea
Use the hostname directly in the iptables rule. There are two problems:
- the iptables manual says (quote):
-s, --source [!] address[/mask]
Source specification. Address can be either a network name, a
hostname (please note that specifying any name to be resolved
with a remote query such as DNS is a really bad idea), a network
IP address (with /mask), or a plain IP address.
- the hostname is resolved only once, when the rule is inserted: iptables stores the resulting address (one rule per address if the name resolves to several) and the kernel never looks at the name again (which is good, by the way; otherwise every packet would need a DNS lookup and the firewall would depend on DNS being reachable). Once the IP changes, the rule keeps accepting the old address, which may by then belong to somebody else, and iptables-save/restore keeps the stale address, not the name.
Second idea
Create a simple script, started by cron, that checks the name every minute for a given period and updates the rules when the address changes. Keep in mind that the firewall then trusts whatever DNS answers for that name (the "really bad idea" of the manual): anyone who can spoof the answer can open the port to their own address, so the script should at least insist on a single well-formed IPv4 address before it touches iptables, and it should not tear the rule down just because one lookup failed.
#!/bin/bash
#allow a dyndns name
HOSTNAME=myname.dyndns.org
CHECK_INTERVAL=1    #minutes
CHECK_FOR=480       #minutes, equivalent of 8 hours

#take only the first A record: host(1) may also print IPv6 or error lines,
#and an unquoted multi-word result gives "[: too many arguments" in the test below
lookup() {
    host -t A "$HOSTNAME" 2>/dev/null | awk '$2 == "has" && $3 == "address" { print $4; exit }'
}

IP=$(lookup)
if [ -z "$IP" ]; then
    echo "Cannot resolve $HOSTNAME" >&2
    exit 1
fi
echo "Allow $IP here"
#add the rules to allow access here
while [ "$CHECK_FOR" -gt 1 ]; do
    sleep "${CHECK_INTERVAL}m"
    echo "Tick $CHECK_FOR"
    OIP=$IP
    IP=$(lookup)
    #a failed lookup must not tear the rule down or feed garbage to iptables
    [ -n "$IP" ] || IP=$OIP
    if [ "$OIP" != "$IP" ]; then
        echo "Not allow $OIP here"
        #clean up rules here
        echo "Allow $IP here"
        #allow rules here for new IP
    fi
    let CHECK_FOR=CHECK_FOR-1
done
echo "Not allow $IP here"
#clean up rules here
Not much, but simple. Hope it helps.
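As an added example (not the script from this post), here is one way to fill in the "clean up rules" and "allow rules" placeholders without guessing which rule to delete: all dynamic rules live in a dedicated chain hooked into INPUT, so replacing the address is a flush of that chain followed by one append, and the resolved address is validated as a single dotted-quad before it reaches the iptables command line. The hostname myname.dyndns.org, the chain name DYNDNS, TCP port 22, the 60 second interval and the constructed host(1) output in the demo are assumptions of this example; it also assumes host from bind9-host and awk are installed, and that IPTABLES can be overridden (IPTABLES=echo) for a dry run.

```shell
#!/bin/bash
# Added example, not the original post's script: keep one ACCEPT rule in
# sync with a DynDNS name, using a dedicated chain so that the previous
# address is removed by flushing the chain instead of guessing which rule
# to delete. Assumed values (not from the page): the hostname, chain name
# DYNDNS, TCP port 22, a 60 s check interval, and host(1) from bind9-host.

HOSTNAME_DYN="${HOSTNAME_DYN:-myname.dyndns.org}"
CHAIN="${CHAIN:-DYNDNS}"
PORT="${PORT:-22}"
INTERVAL="${INTERVAL:-60}"           # seconds between lookups
IPTABLES="${IPTABLES:-iptables}"     # set to "echo" for a dry run

# Accept only a dotted-quad IPv4 literal. An NXDOMAIN message, an IPv6
# address or two addresses on one line are rejected, so nothing but a
# single address ever reaches the iptables command line.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    local IFS=. o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# First A record from host(1) output ("name has address 1.2.3.4").
# The post's `cut -f4 -d' '` returns several words as soon as host prints
# an IPv6 or error line, which is what produces "[: too many arguments".
first_a_record() {
    awk '$2 == "has" && $3 == "address" { print $4; exit }'
}

resolve_ipv4() {
    local ip
    ip=$(host -t A "$1" 2>/dev/null | first_a_record)
    is_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Create the chain once and hook it into INPUT (idempotent).
setup_chain() {
    "$IPTABLES" -N "$CHAIN" 2>/dev/null || true
    "$IPTABLES" -C INPUT -j "$CHAIN" 2>/dev/null || "$IPTABLES" -I INPUT -j "$CHAIN"
}

# Replace whatever the chain holds with a single ACCEPT for the new address.
allow_only() {
    "$IPTABLES" -F "$CHAIN"
    "$IPTABLES" -A "$CHAIN" -s "$1/32" -p tcp --dport "$PORT" -j ACCEPT
}

main() {
    local old="" new
    setup_chain
    while :; do
        if new=$(resolve_ipv4 "$HOSTNAME_DYN"); then
            if [ "$new" != "$old" ]; then
                echo "$(date '+%F %T') $HOSTNAME_DYN -> $new (was ${old:-none})"
                allow_only "$new"
                old="$new"
            fi
        else
            # Failed or garbage lookup: keep the last good rule and retry later.
            echo "$(date '+%F %T') cannot resolve $HOSTNAME_DYN, keeping ${old:-no rule}" >&2
        fi
        sleep "$INTERVAL"
    done
}

# Offline demonstration on constructed host(1) output: no root, no iptables,
# just the commands the loop would run for that answer.
dry_run_demo() {
    local IPTABLES=echo ip
    local sample='myname.dyndns.org has address 203.0.113.5
myname.dyndns.org has IPv6 address 2001:db8::1'
    ip=$(printf '%s\n' "$sample" | first_a_record)
    is_ipv4 "$ip" || return 1
    allow_only "$ip"
}

case "${1:-}" in
    --run)  main ;;
    --demo) dry_run_demo ;;
esac
```

Run it with --demo to see the two iptables invocations it would make for the constructed answer, and with --run as root (for example from the same @reboot crontab line used for inadyn) to keep the chain in sync. There is a short window between the -F and the -A in which the dynamic host is not allowed at all; if that matters, an ipset hash:ip set swapped atomically with ipset swap, referenced from a single iptables rule, removes even that gap. Whatever the mechanism, the lookup result is untrusted input: the validation in is_ipv4 is what keeps a spoofed or malformed DNS answer from becoming a firewall rule with more than one address in it.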
Comments:
bob -
Hello Len,
Thanks for this script, although I am getting this error message when I run it, and it will decrease the Tick every minute… Any ideas?
Thanks,
Tick 480
bash: [: too many arguments
Len -
The script is not complete, you should add your iptables rules, maybe there is an error there somewhere.
Drija - (pingback: iptables allow dyndns domain name and auto update rules)
[…] This blog post discusses the issue and sketches a solution. October 13, 2010 9:16 am
Anonymous: Good answer. Again I have to use a script. OK, how about using the MAC address in the iptables rules? October 13, 2010 9:54 am
Riccardo Murri: @user3215 MAC addresses stay local to your LAN; they will not travel across internet routers. October 13, 2010 9:57 am […]
con-f-use -
To post actual examples of the “clean up rules” and “add rules” would be great! Thx.