Dear friends,

My knowledge of iptables configuration that uses static IP for its external ethernet device is to set the external IP address to be:

extdev=eth0 (e.g)
extip=xxx.xxx.xxx.xxx (my external IP)

however if for my case I have to set a firewall that s connected to internet with dynamic ip, which means my extip changes everytime disconencted, i learnt that I should use extdev=ppp0 and extip='ifconfig bla bla bla some kind of complicated scripts that capture the extip'

then I should not do ipables-save > /etc/sysconfig/iptables, else it would stuck at each reboot.

my question is....if not supposed to do iptables-save, then what is the correct way to do it so it reboots ok?

pls guide me the right way...really appreiate for your hhelp,

There is some "tricks" but, yeah, dynamic ips is somewhat a pain when you are playing with iptables.

The easiest way would be to not use ip adresses as all in your script and to use only "wildcarded" interface, like "ppp+". Using "ppp+" instead of "ppp0" as example, would tell your script that rules apply to "all interface starting by ppp".

If you _really_ need to create a rule by ip, it's a bit tricky. Personnaly, I made a script that check if my internet connection (DSL, so a ppp0 interface) is up AND if the ip changed (because sometime it crashes and come back so fast that the script doesn't understand it have been down). Thus, if it detects the ip changed, it "restarts" the firewall. Of course, you can't use "iptables-save" when you do that, but who need this anyways? Just make sure your _real_ iptables script (and not just the rules applied at shutdown) is started at bot time and it will be almost the same.

<edit>My dog's spelling is better than mine but I'm trying to hide that fact.