[suse-security] New SuSEfirewall2 feature, what do u think?
From: Mario Ohnewald (mario.ohnewald gmx.de)
Date: Thu Jul 03 2003 - 07:01:26 CDT
Hello!
I have been using SuSEfirewall2 for a while now, even on Debian systems.
But I was missing a feature that would let only a dynamic host access port 22.
E.g. you have an ISDN, DSL or cable dial-up account from your ISP, and your IP changes every 24h.
Here is a little workaround; what do you think?
## Insert into the first line of /sbin/SuSEfirewall2
# resolve ip (fping -A prints "<address> is alive"; keep the first field)
newip=`fping -A host.dyndns.org | awk '{print $1}'`
# check if ip changed (a missing cache file on the first run counts as changed)
if [ "`cat /var/log/newip.log 2>/dev/null`" = "$newip" ]; then
    exit
fi
# write new ip to cache, then load firewall rules
echo "$newip" > /var/log/newip.log
# apply new rules ($newip is expanded now, while the file is written)
echo "
fw_custom_before_antispoofing() {
    iptables -A INPUT -p tcp -s $newip --dport 22 -j ACCEPT
    true
}
fw_custom_before_port_handling() {
    true
}
fw_custom_before_masq() {
    true
}
fw_custom_before_denyall() {
    true
}" > /etc/rc.config.d/firewall2-custom.rc.config
Another Ring of Security ;)
Is the SuSEfirewall2 from Marc's homepage still up to date?
Cheers, Mario
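
The workaround above writes whatever the lookup prints into a file of shell functions, so an empty or malformed result ends up inside the iptables rule. The following is an added example, not part of the original post: it accepts only a single IPv4 literal and leaves the previous rule file untouched when the lookup fails. The function names are hypothetical, and the resolved address is passed in as an argument so the logic can be exercised without a network.

```shell
#!/bin/sh
# Added example; is_ipv4, render_custom_rc and update_ssh_rule are hypothetical names.

# Succeeds only for one dotted-quad IPv4 literal with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty fields
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # reject leading zeros, which inet_aton-style parsers read as octal
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the custom hook file from the post with the validated address filled in.
render_custom_rc() {
    cat <<EOF
fw_custom_before_antispoofing() {
    iptables -A INPUT -p tcp -s $1 --dport 22 -j ACCEPT
    true
}
fw_custom_before_port_handling() { true; }
fw_custom_before_masq() { true; }
fw_custom_before_denyall() { true; }
EOF
}

# Usage: update_ssh_rule <resolved-ip> <cache-file> <rc-file>
# Returns 0 = rule file rewritten, 1 = address unchanged,
#         2 = input rejected (old rule kept), 3 = write failed.
update_ssh_rule() {
    is_ipv4 "$1" || return 2
    [ "$(cat "$2" 2>/dev/null)" = "$1" ] && return 1
    # write to a temp file first so a partial write never replaces the rule file
    render_custom_rc "$1" > "$3.tmp" && mv "$3.tmp" "$3" || return 3
    printf '%s\n' "$1" > "$2"
}

# With the paths from the post:
# update_ssh_rule "$(fping -A host.dyndns.org | awk '{print $1}')" \
#     /var/log/newip.log /etc/rc.config.d/firewall2-custom.rc.config
```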