Old 10-19-2009, 03:21 PM   #1
LQ Newbie
Registered: Oct 2009
Posts: 6

Rep: Reputation: Disabled
Dynamic local subnet allowance based on current IP

I have devices that will roll out en masse to diff networks across the US. I have IP chains built to limit traffic and ports on both incoming and outgoing traffic, but in all cases it will be necessary for a person on site to physically unplug the cat5 cable and then, using a cross-over, connect their laptop to the device with their IP configured with the same gateway and IP settings and establish an SSH session. Since each customer network will be of a diff IP scheme I want to make the static iptables settings that are pushed out on these devices as generic as possible. I do not want to have to build a custom set of rules per customer network.

What I need is a chain that will look at the current settings assigned to eth0 and allow anything on that same sub-net to connect. I realize I could prob do this with some kind of start-up script that builds chains based on the entries in /etc/networking/interfaces, but I wanted to see if perhaps this is possible using some of the functionality within iptables without resorting to a script. I welcome all input and thanks ahead of time for anyone who takes the time to reply!

Last edited by xxmsaxx; 10-19-2009 at 03:30 PM. Reason: make title more specific
Old 10-21-2009, 01:12 AM   #2
Registered: Nov 2006
Location: Slovenia
Distribution: Slackware 13.37
Posts: 511

Rep: Reputation: 37
You basically want iptables to read the current subnet of an interface device? Can't do... gonna have to script.
Here is how I get the interface info into a bash script:
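# Interfaces
# Change your interfaces.
EXTIF="eth0"    # placeholder: set this to your external interface

# Programs
# Assumed paths; adjust them for your distribution.
IFC="/sbin/ifconfig"
G="/bin/grep"
SED="/bin/sed"

## Interface preferences
# External
# These lines parse the legacy net-tools ifconfig output ("inet addr:... Bcast:... Mask:...").
# If you don't use a PPPoE or PPP connection, change P-t-P: to Bcast:
EXTIP="`$IFC $EXTIF | $G addr: | $SED 's/.*addr:\([^ ]*\) .*/\1/'`"
EXTBC="`$IFC $EXTIF | $G P-t-P: | $SED 's/.*P-t-P:\([^ ]*\) .*/\1/'`"
EXTMSK="`$IFC $EXTIF | $G Mask: | $SED 's/.*Mask:\([^ ]*\) .*/\1/'`"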
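
Added example, not part of the original thread or either poster's code: a start-up script helper that derives the subnet currently assigned to an interface and prints the iptables rule admitting SSH from that subnet only. It reads `ip -o -4 addr` output (iproute2) instead of the ifconfig parsing in the post above; the function names, the INPUT chain, port 22 and the sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show dev eth0` output (not from the thread).
SAMPLE='2: eth0    inet 192.168.10.37/24 brd 192.168.10.255 scope global eth0\       valid_lft forever preferred_lft forever'

# Read `ip -o -4 addr` output on stdin; print the first ADDR/PREFIX field.
first_cidr() {
    awk '$3 == "inet" { print $4; exit }'
}

# Turn ADDR/PREFIX into NETWORK/PREFIX. Anything malformed returns 1 so that
# unvalidated text never ends up on an iptables command line.
cidr_network() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    net=$(( $ip & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$prefix"
}

# Print (do not execute) a rule admitting SSH from the interface's own subnet.
# $1 = interface name; `ip -o -4 addr show dev IFACE` output arrives on stdin.
ssh_rule() {
    net=$(cidr_network "$(first_cidr)") || return 1
    case "$net" in */0) return 1 ;; esac   # never emit an allow-everyone rule
    echo "iptables -A INPUT -i $1 -s $net -p tcp --dport 22 -j ACCEPT"
}

# Offline demo on the sample; on a device: ip -o -4 addr show dev eth0 | ssh_rule eth0
printf '%s\n' "$SAMPLE" | ssh_rule eth0
```

If the interface has no IPv4 address yet, `ssh_rule` returns non-zero and prints nothing, so a start-up script can leave the default-deny rules in place instead of adding a rule with an empty source.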
Old 10-22-2009, 01:18 PM   #3
LQ Newbie
Registered: Oct 2009
Posts: 6

Original Poster
Rep: Reputation: Disabled
I have come to the same conclusion after many pages of reading, so it looks like a script it will be. I appreciate you adding that code snip into your post, much thanks!

