[lug] Firewall question

Kevin Fenzi kevin at scrye.com
Thu Jan 20 16:57:02 MST 2000


>>>>> "William" == "William Jarosko Jr " <winrip at fpcc.net> writes:

William> I'm working on making my ipchains rules alittle more
William> restrictive. I know I can define my ip address in a firewall
William> script if it is known. However with my isp assigning dynamic
William> IP's I am wondering where or how to retrieve the IP and
William> assign it to a variable in the firewall script.

William> <Example> external="ppp0" DYIP="Dynamic IP" any="any/0"
William> XWIN="6000:6063"


William> ipchains -A output -i $external -p tcp -y -s $DYIP -d $any
William> $XWIN -j REJECT ipchains -A input -i $external -p tcp -y -d
William> $DYIP $XWIN -j DENY

William> </Example>

William> As you can see, if the dynamic IP were in fact a static IP I
William> would have no problem but it's the assighing of the Dynamic
William> IP that is throwing me for a loop. Though buying a static IP
William> isn't out of the question I'd just like to figure this out.

Just add in something to come up with your ppp0 ip...

In the script I use sometimes:

LOCALIF=ppp0
LOCALIP=`/sbin/ifconfig $LOCALIF | grep inet | cut -d : -f 2 | cut -d \  -f 1`
LOCALMASK=`/sbin/ifconfig $LOCALIF | grep Mask | cut -d : -f 4`
LOCALNET="$LOCALIP/$LOCALMASK"

You will of course have to run this after every time you login. (in ppp-on?)

William> Thanks in advance Bill.

kevin
-- 
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/  KRUD - Kevin's Red Hat Uber Distribution




More information about the LUG mailing list