There are some "tricks" but, yeah, dynamic IPs are somewhat of a pain when you are playing with iptables.
The easiest way would be to not use IP addresses at all in your script and to use only "wildcarded" interfaces, like "ppp+". Using "ppp+" instead of "ppp0", for example, would tell your script that the rules apply to "all interfaces starting with ppp".
If you _really_ need to create a rule by IP, it's a bit tricky. Personally, I made a script that checks if my internet connection (DSL, so a ppp0 interface) is up AND if the IP changed (because sometimes it crashes and comes back so fast that the script doesn't understand it has been down). Thus, if it detects the IP changed, it "restarts" the firewall. Of course, you can't use "iptables-save" when you do that, but who needs this anyway? Just make sure your _real_ iptables script (and not just the rules applied at shutdown) is started at boot time and it will be almost the same.
<edit>My dog's spelling is better than mine but I'm trying to hide that fact.
Last edited by Half_Elf; 10-11-2005 at 09:45 PM.
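
The check described in the post above, as an added example (not Half_Elf's own script): run periodically, for instance from cron, it compares the current ppp0 address with the last one recorded and re-runs the firewall script only when they differ. `STATE_FILE`, `FIREWALL_SCRIPT` and its `restart` argument are assumed names that do not come from the post.

```shell
#!/bin/sh
# Added example: re-apply the firewall only when the ppp0 address changes.
# IFACE, STATE_FILE and FIREWALL_SCRIPT are assumptions, not from the post.
IFACE="${IFACE:-ppp0}"
STATE_FILE="${STATE_FILE:-/var/run/fw-last-ip}"
FIREWALL_SCRIPT="${FIREWALL_SCRIPT:-/etc/init.d/firewall}"   # hypothetical path

# Read `ip -4 -o addr show dev IFACE` output on stdin and print the first
# IPv4 address without its prefix length, or nothing if there is none.
# Constructed sample of the line being parsed:
#   5: ppp0    inet 203.0.113.7 peer 198.51.100.1/32 scope global ppp0
parse_ipv4() {
    awk '$3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# Print "down", "same" or "changed" for current address $1, given the
# address recorded in state file $2. Comparing addresses instead of link
# state catches a drop-and-reconnect that happens between two runs: the
# link looks "up" both times, but the address is different.
classify() {
    cur="$1"; state="$2"
    [ -n "$cur" ] || { echo down; return 0; }
    last=""
    [ -r "$state" ] && last=$(cat "$state")
    if [ "$cur" = "$last" ]; then echo same; else echo changed; fi
}

# One pass: query the interface, restart the firewall if the address moved.
check_once() {
    cur=$(ip -4 -o addr show dev "$IFACE" 2>/dev/null | parse_ipv4)
    case $(classify "$cur" "$STATE_FILE") in
        changed)
            # Record the new address only if the rules were applied, so a
            # failed restart is retried on the next run.
            "$FIREWALL_SCRIPT" restart && printf '%s\n' "$cur" > "$STATE_FILE"
            ;;
    esac
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then check_once; fi
```

While the link is down the state file is left untouched, so the rules stay as they were until an address is available again.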