Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I am using dyndns to keep track of my smartphone's IP address. The idea is to be able to ssh into my home network, which is protected by an iptables firewall. If I use the command:
# iptables -I INPUT 9 -s myname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT
it uses the current IP address, but the next time my phone gets an IP address update and I update dyndns so that nslookup resolves it properly, the rule is not updated in iptables unless I restart my firewall. Is there a better way to do this?
Thanks
Thanks for the cron idea, that got me to thinking.
I think what I'll do is have my phone knock on some port. Whenever that port gets a hit on the firewall, I can have specter update the rule. That way, it doesn't get updated much more often than necessary.
OK, that worked. For anyone out there that might be interested:
Install a package called 'specter'. Add the following to the end of specter.conf:
# nlgroup 24: update the IP address for yourname.dyndns.org in rule 9 of the INPUT chain. Triggered when port 33333 is hit from outside.
24 {
    :BASE
    :EXEC
    command "/sbin/iptables -R INPUT 9 -s yourname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT"
}
and be sure to restart the specter service. The above assumes that you have an iptables rule on line 9 like so:
iptables -I INPUT 9 -s myname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT
Then, you need to add the following iptables rule:
iptables -I INPUT 10 -p tcp -m tcp --dport 33333 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 2 --hashlimit-mode dstport --hashlimit-name n33333 -j ULOG --ulog-prefix "update dyndns" --ulog-nlgroup 24
Using the above, when you want to ssh into or through your firewall from your smartphone, you run the dyndns app on your phone to update your dyndns IP address, then you hit port 33333 however you want (you can telnet to yourfirewall:33333). That triggers your firewall to update its rule with your actual IP address, and then you can ssh in from your phone, because your firewall is ready to allow it.
Don't know if anyone will ever care about this, but there it is...
Last edited by jeff_k; 09-12-2010 at 06:53 PM.
Reason: correct a mistake and make it more understandable
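The specter `command` line above re-resolves the name and replaces rule 9 unconditionally every time the trigger fires, and `iptables -R` works purely by position: if anything shifts the rule set, slot 9 may no longer hold the ssh ACCEPT rule and the replacement would silently overwrite whatever is there. The following script is an added example, not code from the thread or from the specter project, that a practitioner could point specter's `command` at instead (e.g. `command "/usr/local/sbin/refresh_dyndns_rule.sh run"`). It resolves the name, refuses to touch the slot unless the rule in it is the ssh ACCEPT rule, and only calls `iptables -R` when the address actually changed. The script name, the `run` argument and the `HOST`, `CHAIN`, `POS` and `IPTABLES` variables are assumptions; the defaults mirror rule 9 in INPUT from the post.

```shell
#!/bin/sh
# Added example (not from the thread): refresh the DynDNS-sourced ssh ACCEPT
# rule only when the resolved address has changed, and refuse to touch the
# slot if the rule sitting there is not the ssh ACCEPT rule, since
# `iptables -R` replaces by position and a shifted rule set would otherwise
# be overwritten silently.
# HOST, CHAIN, POS and IPTABLES are assumptions; override them from the
# environment. Defaults mirror the thread's rule 9 in INPUT.

HOST="${HOST:-yourname.dyndns.org}"
CHAIN="${CHAIN:-INPUT}"
POS="${POS:-9}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Resolve a name to its first IPv4 address; prints nothing on failure.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Print the n-th rule (1-based) of a chain in `iptables -S` form.
# `-S` prints the policy (-P) line first, so only -A lines are counted.
current_rule() {
    "$IPTABLES" -S "$1" | awk -v n="$2" '/^-A / { if (++i == n) print }'
}

# Extract the source address from an `iptables -S` rule line, minus a /32 suffix.
rule_source() {
    printf '%s\n' "$1" | sed -n 's/.* -s \([^ ]*\).*/\1/p' | sed 's#/32$##'
}

# Exit status: 0 the rule is current (replaced or already up to date),
#              1 the name did not resolve (rule left untouched),
#              2 the slot holds some other rule (refused).
refresh_rule() {
    new_ip=$(resolve_ipv4 "$HOST")
    if [ -z "$new_ip" ]; then
        echo "refresh_rule: could not resolve $HOST; leaving rule untouched" >&2
        return 1
    fi
    rule=$(current_rule "$CHAIN" "$POS")
    case "$rule" in
        *"-p tcp -m tcp --dport 22 -j ACCEPT") ;;   # guard: only the ssh ACCEPT rule
        *)
            echo "refresh_rule: $CHAIN rule $POS is not the ssh ACCEPT rule; refusing" >&2
            return 2
            ;;
    esac
    old_ip=$(rule_source "$rule")
    if [ "$old_ip" = "$new_ip" ]; then
        return 0   # address unchanged: no iptables call at all
    fi
    "$IPTABLES" -R "$CHAIN" "$POS" -s "$new_ip" -p tcp -m tcp --dport 22 -j ACCEPT
}

# Only act when invoked as `refresh_dyndns_rule.sh run` (e.g. from specter's
# command line); without the argument the functions can just be sourced.
case "${1:-}" in
    run) refresh_rule ;;
esac
```

Because the trigger rule in the post already rate-limits port 33333 with hashlimit, the only extra cost of the guard is one `iptables -S` listing per trigger; the payoff is that a mis-numbered rule set produces a logged refusal instead of a rewritten rule.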