Actually the tool is there already, called "iptables-restore + cron".

Simply set up your ruleset in a file using iptables-save syntax, but
using hostnames instead of IP addresses for the dynamic-DNS addresses.
Then periodically from cron reload the ruleset using iptables-restore.
This will cause iptables to periodically refresh the IP addresses with
the frequency of your cron job.

Be warned that you will then rely on DNS for correct filtering. If the
DNS entry gets hijacked or there is a problem looking up the DNS
addresses then your ruleset might be screwed.

Regards
Henrik Nordström
MARA Systems AB, Sweden



"Mark Rinaudo (rr)" wrote:
> 
> I was wondering if anyone has seen an extension to netfilter to allow
> the use of dynamic dns names as sources in the filter table.
> This would allow people with dynamic DNS to be ACCEPTed or DENYed
> with a rule that would periodically
> update itself as the client changed IP addresses.  I'm not sure if
> there is any security risk with this or not but I sure could use
> something like this and would be interested in attempting an extension
> to do it IF someone else isn't already working on this idea.
> 
> Thanks
> Mark Rinaudo
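The "iptables-restore + cron" approach from the reply above, written out as an added example (not from either poster): a wrapper script that renders an iptables-save style template whose dynamic-DNS entries are marked as @hostname@ tokens, and fails closed, keeping the currently loaded ruleset, if any lookup fails. The file paths, the @hostname@ token syntax and the crontab line are assumptions.

```shell
#!/bin/sh
# Added example: render an iptables-save template containing @hostname@
# tokens into a concrete ruleset and load it with iptables-restore.
# Assumed paths; install with a crontab entry such as
#   */15 * * * * /usr/local/sbin/reload-dyndns-rules run

RULES_TEMPLATE="${RULES_TEMPLATE:-/etc/iptables/rules.template}"
RULES_OUT="${RULES_OUT:-/etc/iptables/rules.generated}"

# Resolve a hostname to its first IPv4 address; prints nothing on failure.
resolve_host() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR==1 {print $1}'
}

# Replace every @hostname@ token in the template with its current address.
# Prints the rendered ruleset on stdout; returns 1 if any lookup fails, so
# a DNS outage never turns into an empty -s match or a broken ruleset.
render_ruleset() {
    template="$1"
    hosts=$(grep -o '@[^@]*@' "$template" | tr -d '@' | sort -u)
    rendered=$(cat "$template")
    for h in $hosts; do
        ip=$(resolve_host "$h")
        if [ -z "$ip" ]; then
            echo "lookup failed for $h; keeping current ruleset" >&2
            return 1
        fi
        rendered=$(printf '%s\n' "$rendered" | sed "s/@$h@/$ip/g")
    done
    printf '%s\n' "$rendered"
}

# Reload only when an address actually changed since the last run, so the
# cron job is cheap and the counters are not reset every few minutes.
reload_if_changed() {
    new=$(render_ruleset "$RULES_TEMPLATE") || return 1
    if [ -f "$RULES_OUT" ] && [ "$new" = "$(cat "$RULES_OUT")" ]; then
        return 0
    fi
    printf '%s\n' "$new" > "$RULES_OUT"
    iptables-restore < "$RULES_OUT"
}

case "${1:-}" in
    run) reload_if_changed ;;
esac
```

Because the old generated file is kept on lookup failure, a hijacked or unreachable DNS entry leaves the last known-good addresses in force instead of opening or closing the port unexpectedly.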
