Tiger!P wrote:
> On Tue, Aug 03, 2010 at 12:53:45PM -0300, Javier Marcon Servilink Web Hosting wrote:
> [cut html tags]
>
> Please, don't send html email, it is hard to read.
> Sorry for the html code.
>> When I add hosts to vuurmuur, it only lets me put the ip but not the
>> hostname, so I can't make host based rules to manage hosts that have
>> dynamic ip address. How can I make a rule like this one with vuurmuur?:
>>
>> iptables -A INPUT -p tcp -s myhost.no-ip.org --dport 22 -j ACCEPT
>> The problem is that iptables translates this rule to
>> iptables -A INPUT -p tcp -s 127.0.0.1 --dport 22 -j ACCEPT
>> and works with that.
>> When the IP address of myhost.no-ip.org changes, iptables doesn't know
>> that and won't allow the traffic from the new myhost.no-ip.org.
>> This is the same for vuurmuur and therefore it is not possible to add
>> hosts based on hostnames.
>>
>> You could use the PRE-VRMR-INPUT chains to add custom rules, but be
>> aware of the problem mentioned above.
>>
>> [cut html tags]
>>
>> Tiger!P
>>
I thought that iptables resolved the dns and cached the result, so when the cache expires it would update the ip in the next dns query, but I was wrong.

To handle this I should make a cron script that runs periodically (every 30 seconds for example) making a dns query and updating the host's ip on vuurmuur with:

vuurmuur_script --modify --host xxx.world.inet --variable IPADDRESS --set $NEW_IP
vuurmuur_script --reload

Thanks,
Javier.

_______________________________________________
Vuurmuur-users mailing list
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
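The periodic update described in the reply above, written out as a shell script. This is an added example, not part of the original message or of vuurmuur: the state directory, the function names and the use of `getent ahostsv4` are assumptions, and only the vuurmuur_script options are taken from the message.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: STATE_DIR, the function names,
# and `getent ahostsv4` as resolver; the vuurmuur_script options are as quoted.
STATE_DIR="${STATE_DIR:-/var/lib/vrmr-dyndns}"
VRMR="${VRMR:-vuurmuur_script}"          # both overridable for a dry run
RESOLVER="${RESOLVER:-resolve_ipv4}"

# Accept only a dotted quad: four octets, 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# First IPv4 address the system resolver returns for the name.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# sync_host DNS_NAME VRMR_HOST
# Returns 0 = entry updated, 1 = unchanged, 2 = lookup or update failed.
sync_host() {
    dns_name=$1 vrmr_host=$2
    state_file="$STATE_DIR/$vrmr_host.ip"
    new_ip=$("$RESOLVER" "$dns_name") || return 2
    is_ipv4 "$new_ip" || return 2        # DNS answers are untrusted input
    old_ip=$(cat "$state_file" 2>/dev/null || true)
    [ "$new_ip" != "$old_ip" ] || return 1   # skip the reload when unchanged
    "$VRMR" --modify --host "$vrmr_host" --variable IPADDRESS --set "$new_ip" || return 2
    "$VRMR" --reload || return 2
    mkdir -p "$STATE_DIR" && printf '%s\n' "$new_ip" > "$state_file"
}

# Entry point for cron: script DNS_NAME VRMR_HOST
if [ "$#" -eq 2 ]; then
    sync_host "$1" "$2" || [ "$?" -eq 1 ]    # "unchanged" is not an error
fi
```

A rule keyed to a dynamic DNS name trusts whoever controls that name's records, and the run interval bounds how long a stale address stays allowed. cron's finest granularity is one minute, so a shorter interval needs a loop or a second entry delayed with sleep.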
