Iptable with dynamic dns

[MushinLinux]

I have a set of iptabless rules with allow connections from several ip's to perform connections to the server. One of those remote systems does not have a static ip. Is it possible to create a rule/script that adds a rule to iptables that cheks the ip of the remote system ?

Any help will be highly appreciated

[Kloschüssel]

You would need a cronjob that nslookups the dynamic ip and fixes the iptable rules. This solution is somewhat *argh* that I would not recommend it as a proper safe solution as you may end up in one of these situations:

* the ip is not updated correctly (either too slow or to a false positive) ==> the other cannot access the server
* the ip is updated to a false positive ==> someone else can access your server and you are not able to guarantee he is the right one
* worst case scenario: you block yourself from your server which means you have to travel to that computer

All situations can be triggered by tampering the dns cache and there are other situations that can result into above situations with a failure of the cronjob that updates the iptable rules.

Why not open your server to the world and use fail2ban against the evil guys and whitelist the static IPs?