On 19.10.2012 05:57, Hristo Benev wrote:

Good morning,

How about

Step 1.
You do ssh on your server from the client box with a non-privileged account
into a specifically created home dir for that user.

Step 2a.
You detect this successful login in the system logs by tailing the log and
evaluating the login attempts. Then you have the IP, you write this into a
specific file.
or Step 2b.
You don't ssh from the client box, but you scp (secure copy over ssh) a file
you created on the client box that contains the new IP

Step 3.
You have a cron job running that looks for (via Makefile e.g.) modifications
to the IP file and upon modification executes the make command. In the
Makefile you have the commands to take your rules "basefile" (containing all
rules you have in place anyway) and combines it with the IP file's contents
and appends it to the shorewall rules file and after completion issues the
shorewall restart command.

The benefits of this approach over your original idea are

a) you don't use a privileged account on either machine to transfer the IP
information and you don't open a hole even if the client box is compromised
b) you can automate it quite nicely and even if you modify your own ruleset,
it will "always" be incorporated

Does it help or does it look too complicated even after the third reading? ;-)


> Hi,
> 
> I have following situation. I have client box that is behind dynamic IP. And 
> I would like to open specific port only for that client IP.
> Every time IP changes I have to reconfigure firewall (Shorewall) and server 
> application.
> 
> Is there a way to open port from script?
> My initial idea is to detect change of IP on client side ssh to server and 
> execute script to close old IP and open for new one.
> I can do replace on IP in /etc/shorewall/rules and reload shorewall. Is there 
> more elegant way of doing it?
> 
> Any suggestions?
> 
> Thanks
> 
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
> 


-- 

Florian Piekert, PMP                                      [email protected]

===========================================================================
Note:  this message was  sent by me *only* if the  eMail message contains a
correct pgp signature corresponding to my address at  [email protected]. Do
you need my  PGP  public key? Check out http://www.floppy.org or send me an
email with  the subject "send pgp public key" to  this address of mine.Thx!

Attachment: signature.asc
Description: OpenPGP digital signature
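
One way to implement Step 3 while treating the IP file as untrusted input, shown as an added example that is not part of the original message: the rule is generated from a validated address instead of appending the file's contents, and the new ruleset is kept only if `shorewall check` accepts it. All paths, the zone name "net", port 8080 and the cron entry are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed names: every path below,
# the zone "net", TCP port 8080, and the cron entry
#   */5 * * * * root /usr/local/sbin/update-client-rule apply
BASE=${BASE:-/etc/shorewall/rules.base}      # hand-maintained base rules
IPFILE=${IPFILE:-/home/ipupdate/client.ip}   # written by the unprivileged account
RULES=${RULES:-/etc/shorewall/rules}         # file Shorewall actually reads
PORT=${PORT:-8080}

# Succeed only for one dotted-quad IPv4 address (no mask, no list, no spaces).
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    (   IFS=.; set -- $1          # split on dots inside a subshell
        [ $# -eq 4 ] || exit 1
        for o in "$@"; do
            case $o in 0?*) exit 1 ;; esac            # no leading zeros
            [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
        done )
}

# Print the full rules file: base rules plus ONE rule generated from the
# validated address. The IP file's text is never copied into the ruleset.
build_rules() {
    ip=
    read -r ip < "$IPFILE" || [ -n "$ip" ] || return 1
    valid_ipv4 "$ip" || { echo "rejected content in $IPFILE" >&2; return 1; }
    cat "$BASE" || return 1
    printf 'ACCEPT\tnet:%s\t$FW\ttcp\t%s\n' "$ip" "$PORT"
}

# Install the candidate only if it changed, and keep it only if
# "shorewall check" accepts it; otherwise restore the previous file.
apply_rules() {
    tmp=$(mktemp "$RULES.XXXXXX") || return 1
    build_rules > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$RULES"; then rm -f "$tmp"; return 0; fi
    cp -p "$RULES" "$RULES.prev" && mv "$tmp" "$RULES" || return 1
    shorewall check && shorewall restart && return 0
    mv "$RULES.prev" "$RULES"
    return 1
}

if [ "${1:-}" = apply ]; then apply_rules; fi
```

Because the account that writes the IP file is the least trusted part of the setup, a rejected file leaves the existing rules untouched and only logs to stderr, which cron mails to root.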
