-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On (07/06/05 19:34), Niall O Broin didst pronounce:
> Has anyone come across a prepackaged way of handling that?
> Conceptually, it's not that hard. You just maintain a list of the
> allowed hostnames with their current IPs and on a regular basis, look
> up the IPs again. If any have changed, you simply delete the
> corresponding rule from the accept chain, using the old IP which you
> have remembered, and insert a rule for the new IP. However, I imagine
> I'm not the first one to have come across this problem, and I hate to
> re-invent the wheel.
>
It's not exactly what you want, but have you looked at port knocking? It
should be simple enough to set up iptables to log traffic to certain
specific ports, have a script tail the log file waiting for a specific
sequence, then add an ACCEPT rule for the source IP address? Security
through obscurity, I know, but it should suffice for what you want
(presuming the client side can handle random packets to random ports as
the "knocking").
- --
Chat ya later,
John.
- --
BOFH excuse #154: You can tune a file system, but you can't tune a fish
(from most tunefs man pages)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCpfVgQBw+ZtKOvTIRAmv5AJ4gbhZK7SbxF06KeG/i0GGTCHw//QCdGbNc
uVDBrY8HWaLHBkG7pjyg0kg=
=BreI
-----END PGP SIGNATURE-----
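
A sketch of the log-watching script suggested in the reply above, added as an example here and not code from the thread. The knock ports, time window, log prefix, protected port 22 and the names `KnockWatcher` and `sample_line` are all assumptions; the caller is assumed to tail the log, pass each line with the time it was read, and run the returned command itself.

```python
import ipaddress
import re

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed knock ports, in order
WINDOW_SECONDS = 10                  # assumed limit for the whole sequence
PROTECTED_PORT = 22                  # assumed service to open on success
LOG_PREFIX = "KNOCK: "               # assumed --log-prefix of the LOG rule
FIELD_RE = re.compile(r"\b(SRC|DPT)=(\S+)")

class KnockWatcher:
    def __init__(self):
        self.progress = {}  # source IP -> (knocks matched so far, start time)

    def feed(self, now, line):
        """Handle one log line read at time `now` (seconds). Returns the
        iptables argv to run once a source completes the sequence, else None."""
        if LOG_PREFIX not in line:
            return None
        # reversed() makes the first SRC=/DPT= on the line win.
        fields = dict(reversed(FIELD_RE.findall(line)))
        try:
            # Validate before the value gets anywhere near a command line.
            src = str(ipaddress.IPv4Address(fields["SRC"]))
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            return None
        step, started = self.progress.get(src, (0, now))
        if now - started > WINDOW_SECONDS:
            step, started = 0, now       # too slow: start over
        if port == KNOCK_SEQUENCE[step]:
            step += 1
        elif port == KNOCK_SEQUENCE[0]:
            step, started = 1, now       # wrong port, but a valid first knock
        else:
            step = 0                     # wrong port: forget this source
        if step in (0, len(KNOCK_SEQUENCE)):
            self.progress.pop(src, None)
        else:
            self.progress[src] = (step, started)
        if step < len(KNOCK_SEQUENCE):
            return None
        return ["iptables", "-I", "INPUT", "-s", src, "-p", "tcp",
                "--dport", str(PROTECTED_PORT), "-j", "ACCEPT"]

def sample_line(src, dpt):
    # Constructed line in the kernel's iptables LOG format (not real traffic).
    return ("Jun  7 19:34:01 gw kernel: " + LOG_PREFIX + "IN=eth0 OUT= "
            "SRC=%s DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40000 "
            "DPT=%d SYN URGP=0" % (src, dpt))
```

Returning an argv list rather than a shell string keeps the logged source address out of any shell parsing when the caller executes it.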