Old 10-16-2018, 04:30 AM   #1
glennbtn
Member
 
Registered: Dec 2009
Posts: 151

Rep: Reputation: 18
Iptables Reload advice


Hi All

I have a script that runs at startup loading all our firewall rules as we use this on multiple servers.

We have 1 user that has a dynamic IP rather than fixed and is using the no-ip service so we can add to the firewall. Rather than have a cron to keep reloading the whole firewall, is there a way to just reload 1 rule line so we can keep reloading regularly in case the IP changes?

Many thanks Glenn
 
Old 10-16-2018, 04:41 AM   #2
bradvan
Member
 
Registered: Mar 2009
Posts: 367

Rep: Reputation: 61
Have a startup script that checks your ip address, use sed or perl to edit your iptables save file accordingly, then load it. I would think that should be fairly simple?
 
Old 10-21-2018, 07:01 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
On the lowest level the first thing would be to get rid of per-user iptables rules and dump all of those in an ipset bucket instead: this requires only one iptables rule plus the bucket's contents can be modified on the fly without having to reload any iptables rule. On a higher level I'm sensing this won't synchronize, audit and scale well so maybe instead use a single bastion host which users can SSH (pubkey only of course) or VPN into?
 
Old 10-21-2018, 07:17 PM   #4
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Blog Entries: 3

Rep: Reputation: 194
Agree with unSpawn. That is the easiest way to deal with such a problem.
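
The ipset approach from post #3, as an added example that is not part of the original thread: one iptables rule matches a set, and a cron job rebuilds the set from the dynamic-DNS name and swaps it in atomically, leaving the live set untouched when resolution returns nothing valid. The set name `dyn_allow`, the hostname `user.example.net` and the SSH port in the rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): refresh an ipset from a dynamic-DNS
# name so the single iptables rule that references it never needs a reload.
SET=dyn_allow            # assumed set name
HOST=user.example.net    # placeholder for the user's no-ip hostname

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
    return 0
}

# Read one address per line on stdin and print an `ipset restore` script that
# fills a temporary set and swaps it into place. Invalid lines are skipped;
# returns 1 and prints nothing when no valid address was seen.
build_restore() {
    tmp="${1}_tmp"; adds=""
    while read -r addr rest; do
        if is_ipv4 "$addr"; then adds="${adds}add $tmp $addr
"; fi
    done
    [ -n "$adds" ] || return 1
    printf 'create %s hash:ip\ncreate %s hash:ip\nflush %s\n' "$1" "$tmp" "$tmp"
    printf '%sswap %s %s\ndestroy %s\n' "$adds" "$tmp" "$1" "$tmp"
}

if [ "${1:-}" = apply ]; then   # needs root, ipset and iptables
    plan=$(getent ahostsv4 "$HOST" | awk '{print $1}' | sort -u |
        build_restore "$SET") || { echo "no valid address, set unchanged" >&2; exit 1; }
    # -exist: do not fail because the sets already exist from an earlier run
    printf '%s\n' "$plan" | ipset -exist restore || exit 1
    # The one rule that references the set (SSH port is an assumption).
    iptables -C INPUT -p tcp --dport 22 -m set --match-set "$SET" src -j ACCEPT 2>/dev/null ||
        iptables -I INPUT -p tcp --dport 22 -m set --match-set "$SET" src -j ACCEPT
else                            # dry run with a constructed address
    printf '203.0.113.7\n' | build_restore "$SET"
fi
```

Scheduled from cron with the `apply` argument, this replaces the periodic full firewall reload; the allow decision is then only as trustworthy as the DNS answer for the hostname.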