Find the answer to your Linux question:
Results 1 to 2 of 2
I have a set of iptabless rules with allow connections from several ip's to perform connections to the server. One of those remote systems does not have a static ip. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2011
    Posts
    1

    Iptable with dynamic dns


    I have a set of iptabless rules with allow connections from several ip's to perform connections to the server. One of those remote systems does not have a static ip. Is it possible to create a rule/script that adds a rule to iptables that cheks the ip of the remote system ?

    Any help will be highly appreciated

  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    You would need a cronjob that nslookups the dynamic ip and fixes the iptable rules. This solution is somewhat *argh* that I would not recommend it as a proper safe solution as you may end up in one of these situations:

    * the ip is not updated correctly (either too slow or to a false positive) ==> the other cannot access the server
    * the ip is updated to a false positive ==> someone else can access your server and you are not able to guarantee he is the right one
    * worst case scenario: you block yourself from your server which means you have to travel to that computer

    All situations can be triggered by tampering the dns cache and there are other situations that can result into above situations with a failure of the cronjob that updates the iptable rules.

    Why not open your server to the world and use fail2ban against the evil guys and whitelist the static IPs?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •