Re: Firewall Rules and Ip Address
On Thu, Mar 11, 2004 at 09:34:59PM -0600, Mark Thurman wrote:
> I found a firewall script online and it has a variable for your external
> IP address. I get my IP through DHCP and was wondering if there was any
> environment variable that you could use in the script since you don't
> know what IP you'll get from the server.
Nope. All you can do is something like this:

    IPADDR=$( /sbin/ifconfig eth0 | awk '/inet addr/{print $2}' | cut -d: -f2 )

(And there's a million ways to do the same thing, BTW.)
There's probably also a way to get hotplug
(http://linux-hotplug.sourceforge.net/) or the DHCP client to run the
script when the interface comes up/changes address.
Honestly though, you can get by without specifying your address with
iptables. (If the script uses ipchains, Just Say No.) Recent
versions of my little firewall script
(http://www.kspei.com/projects/genfw/ - Red Hat/Fedora and derivatives
only still) handle dynamic external addresses by just doing

    iptables -t nat -A POSTROUTING -o $outside -s $inside_net -j MASQUERADE

instead of

    iptables -t nat -A POSTROUTING -o $outside -s $inside_net -j SNAT \
        --to $outside_address

Steve
--
steve@silug.org | Southern Illinois Linux Users Group
(618)398-7360 | See web site for meeting details.
Steven Pritchard | http://www.silug.org/
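
The address lookup and the MASQUERADE/SNAT choice from the message above, as an added example that is not part of the original post or of genfw: it parses both ifconfig output layouts, validates the result, and falls back to MASQUERADE when no usable address is found. The function names, the sample ifconfig output, `eth0` and `192.168.1.0/24` are constructed for illustration, and the rules use `-o` because POSTROUTING matches on the outgoing interface.

```shell
#!/bin/sh
# Constructed ifconfig samples (not from a real host): the old net-tools
# layout the one-liner above parses, and the newer layout it misses.
OLD_FMT='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.0.2.17  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link'
NEW_FMT='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 198.51.100.8  netmask 255.255.255.0  broadcast 198.51.100.255'

# Read ifconfig output on stdin and print the first IPv4 address, accepting
# both "inet addr:A.B.C.D" and "inet A.B.C.D". Prints nothing if there is none.
extract_ipv4() {
    awk '$1 == "inet" { a = $2; sub(/^addr:/, "", a); print a; exit }'
}

# Succeed only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# nat_rule OUT_IF INSIDE_NET [ADDR]: print (not run) the POSTROUTING rule.
# A valid ADDR gives SNAT; an empty or malformed one (no lease yet, parse
# failure) falls back to MASQUERADE instead of emitting a broken --to-source.
nat_rule() {
    if valid_ipv4 "$3"; then
        echo "iptables -t nat -A POSTROUTING -o $1 -s $2 -j SNAT --to-source $3"
    else
        echo "iptables -t nat -A POSTROUTING -o $1 -s $2 -j MASQUERADE"
    fi
}

# Demo on the constructed samples; eth0 and 192.168.1.0/24 are assumed values.
nat_rule eth0 192.168.1.0/24 "$(printf '%s\n' "$OLD_FMT" | extract_ipv4)"
nat_rule eth0 192.168.1.0/24 "$(printf '%s\n' "$NEW_FMT" | extract_ipv4)"
nat_rule eth0 192.168.1.0/24 "$(printf 'eth0: no address\n' | extract_ipv4)"
```
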