Re: [Shorewall-users] Ping only from known domains

Fri, 12 Oct 2007 01:57:50 -0700 

Prasanna Krishnamoorthy schreef:
> On 10/12/07, Bart Verstraete <[EMAIL PROTECTED]> wrote:
>   
>> Ping/ACCEPT
>> net:proxy.ovh.net,proxy.p19.ovh.net,proxy.rbx.ovh.net,ping.ovh.net $FW
>>     
> ...
>   
>> would it be possible if the domain name is a dynamic ip?
>>     
>
> Shorewall tries to resolve the IP once on 'shorewall start', and adds
> this into iptables. There's no way of changing this dynamically, once
> shorewall is done.
>
> So, if this is a dyndns domain name, it'll only work till the IP changes.
>
> Prasanna.>
>   
>> Grts Bart
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems?  Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>     
>
>
>   
I don't  think the ovh.net domainnames are dynamic? But if I use that 
rule I also can ping it from my private dynamic ip? And that I dont 
wanne! Then you can ping it from other pc's too.

The hosting ompanie say that these domains have to be able to ping the 
server. They gave the following iptable rules:
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.p19.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source proxy.rbx.ovh.net -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p icmp --source ping.ovh.net -j ACCEPT

Bart

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to