Only because my client doesn't have a static IP address and I don't want
to open ports for everybody ... Am I wrong to try that?

Yes. Why don't you match on MAC address instead?

-Tom

I suppose that you want to open ports from the net side of your fw.

In similar cases that I encountered, ipsets + some scripting solved the problem.

Since you know your client's host name, "foo.no-ip.org" or whatever, a dig or host or nslookup will tell you the IP address that you can then insert into your ipsets.

Make this a daemon that wakes up every x minutes. Make sure you flush your particular set before you update to delete garbage IPs.

So shorewall + ipsets is the thing you have to study now :-)

Harry

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
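
The approach described in the last reply (resolve the dynamic hostname, then load the address into an ipset on a timer), as an added example that is not part of the original thread. The set name `dynclient` and the `_new` scratch-set suffix are assumptions, and instead of flushing the live set it fills a scratch set and swaps it in, so a failed lookup leaves the existing entries in place.

```shell
#!/bin/sh
# Added example: refresh an ipset from a dynamic-DNS name.
# Usage (e.g. from cron every few minutes): refresh.sh foo.no-ip.org dynclient
# "dynclient" and the "_new" suffix are assumed names, not from the thread.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
# Resolver output can also contain CNAME targets or ";; ..." error text.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read resolver output on stdin and print an "ipset restore" batch that fills
# a scratch set and swaps it into place. Returns 1 and prints nothing when no
# line is a valid address, so a DNS outage never empties the live set.
build_restore() {
    set_name=$1 adds=''
    while IFS= read -r line; do
        valid_ipv4 "$line" && adds="${adds}add ${set_name}_new ${line}
"
    done
    [ -n "$adds" ] || return 1
    printf '%s\n' "create $set_name hash:ip" \
                  "create ${set_name}_new hash:ip" \
                  "flush ${set_name}_new"
    printf '%s' "$adds"
    printf '%s\n' "swap ${set_name}_new $set_name" "destroy ${set_name}_new"
}

# Resolve the name and apply the batch; -exist tolerates pre-existing sets.
refresh() {
    host_name=$1 set_name=$2
    batch=$(dig +short "$host_name" A | build_restore "$set_name") || {
        echo "no usable address for $host_name; $set_name unchanged" >&2
        return 1
    }
    printf '%s\n' "$batch" | ipset -exist restore
}

if [ $# -eq 2 ]; then refresh "$1" "$2"; fi
```

Shorewall rules can then refer to the set as `+dynclient` in place of an address.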
