I came up with an interesting method for doing this recently. I haven't tried it out yet, and it may or may not work for you, but the general method would be something like:
  # record the source address of any server that answers a connection
  # of ours (SYN,ACK seen in an ESTABLISHED conntrack entry)
  $IPT -A INPUT -p tcp --tcp-flags ALL SYN,ACK -m state --state ESTABLISHED \
       -m recent --name validconn --set
  # for the next 20 seconds, answer ident (113) from that address with a reset
  $IPT -A INPUT -m recent --name validconn --rcheck --seconds 20 \
       -p tcp --dport 113 -j REJECT --reject-with tcp-reset

with rules specifically for what you want being something more like:

  # only remember the server when the connection we made was to its port 22
  $IPT -A INPUT -p tcp --sport 22 -s $SERVER_IP --tcp-flags ALL SYN,ACK \
       -m state --state ESTABLISHED -m recent --name validconn --set
  # and let that server reach ident (113) for the next 20 seconds
  $IPT -A INPUT -m recent --name validconn --rcheck --seconds 20 \
       -p tcp --dport 113 -j ACCEPT

It's not exactly what you're asking for, but it's fairly close. Whenever you make a tcp connection to port 22 on the server, it'll open up port 113 from that server for the next 20 seconds. (20 seconds was chosen randomly; put whatever value you want there.)

If you try it and it works, let me know.

-Joe

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Leahu
> Sent: Thursday, June 27, 2002 2:31 PM
> To: [EMAIL PROTECTED]
> Subject: Dynamically Updating Rules
>
>
> Is there a way to dynamically add and remove rules to an iptables
> live configuration?
>
> For example:
>
> I have a server and a workstation. The workstation is locked down
> tightly. I would like for,
> when I ssh to a remote server, that iptables automatically opens
> the ident port on the workstation
> to that remote server, and after a connection is made, to
> automatically close it back up again.
>
> Is this possible???
>
> --
> Lee Leahu
> Internet Technologies Specialist
> RICIS, Inc.
>
> email--> [EMAIL PROTECTED]
> voice--> 708-444-2690
> fax--> 708-444-2697
