Not enough information. Describe your problem a little more. For the time
being, I'm going to assume you're talking about rule definitions.
Tom can correct me if I'm wrong, but I don't think it would work to use
domain names, since the domain names get resolved only once, when shorewall
is started|restarted. But I thought of a quick hack you could use:
#WARNING THIS IS NOT TESTED.. this is only a draft. You'll have to work out
the details.
You can use this in a cronjob.
Essentially this will query a domain name for its IP addresses, create a
string of the IPs separated by commas, then replace the current line in
shorewall/rules that has the string "#google-updates" in it with the new
string that contains the current IPs.
#!/bin/bash
range=""
rulePrefix="ACCEPT net:"
# leading space keeps the IP list separate from the next column
ruleSuffix=" All tcp 21 #google-updates"
ipList=( $(dig +short A google.com) )
# make a comma separated string of ips.
for ip in "${ipList[@]}"; do
    range+="$ip,"
done
# remove trailing comma
range=$(echo "$range" | sed '$s/.$//')
# replace the line in shorewall/rules that has a comment with the keyword
# 'google-updates' in it. Double quotes let the shell expand the variables.
#sed "s/.*#google-updates.*/$rulePrefix$range$ruleSuffix/" other
On Sun, Aug 18, 2013 at 11:22 PM, Kaushal Shriyan
<[email protected]> wrote:
> Hi,
>
> How do i deal with a condition of frequently-changing IPs in a firewall?
> Say for example I have uploads.google.com mapped to a set of 4 IP's and
> it changes after 3 weeks to a new set of IP's.
> Any suggestions?
>
> Regards,
>
> Kaushal
>
>
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
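A hardened variant of the cron job sketched in the reply above, as an added example that is not part of the original post or of Shorewall itself. It filters the resolver output down to valid IPv4 addresses, refuses to rewrite the rule when the lookup returns nothing, and restarts only when the list changed. The function names, the `--apply` flag and the `/etc/shorewall/rules` path are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. The marker and rule layout
# follow the post; the --apply flag and function names are hypothetical.
MARKER='#google-updates'

# Read resolver output on stdin and print a sorted, comma-separated list of
# the valid IPv4 addresses only. dig +short can also print CNAME targets
# or error text, which must never reach the rules file.
ips_to_list() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
        LC_ALL=C sort -u | paste -sd, -
}

# update_rules FILE LIST
# Rewrites the marked line. Returns 0 if the file changed, 1 if it was
# already current, 2 if the update was refused (empty list, no marker).
update_rules() {
    local file="$1" list="$2" new tmp
    [ -n "$list" ] || return 2                 # failed lookup: keep old rule
    grep -q -- "$MARKER" "$file" || return 2   # nothing to replace
    new="ACCEPT net:$list All tcp 21 $MARKER"
    tmp=$(mktemp "$file.XXXXXX") || return 2
    awk -v m="$MARKER" -v r="$new" \
        'index($0, m) { print r; next } { print }' "$file" > "$tmp"
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$file"                          # replace in one step
}

# Cron entry point: only touches the firewall when called with --apply,
# and only restarts when the list changed and the new config validates.
if [ "${1:-}" = "--apply" ]; then
    list=$(dig +short A google.com | ips_to_list)
    update_rules /etc/shorewall/rules "$list" &&
        shorewall check && shorewall restart
fi
```

An empty or failed lookup leaves the previous rule in place, so a DNS outage cannot blank the source list.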