dad311
I'm using this script to update the ssh, web, etc. iptables rules when the domain IP changes. Place the script in the crontab and run it every 30 minutes.
Assumptions: This presupposes that you have created FQDNs using a service such as DynDNS for your remote location, and some sort of dynamic updating software on the same subnet as your remote location in order to keep the DynDNS IP addresses current. It also assumes that you have blocked ssh, web, etc. access to your server and then added ssh, web, etc. entries to /etc/sysconfig/iptables with the FQDNs of your remote location:
Example for tcp port 22 (ssh) from iptables:
-A INPUT -p tcp -m tcp -s fqdn.dyndns.org --dport 22 -j ACCEPT
#!/bin/bash
# Re-resolve the remote FQDN; if its address changed, reload iptables so the
# hostname-based rules in /etc/sysconfig/iptables pick up the new address.
fqdn="domain.com"
phone="mydomain"        # file caching the last address seen for $fqdn

# The last "Address:" line of nslookup's output is the answer for $fqdn
iptest=$(nslookup "$fqdn" | tail -2 | cut -f 2 -d " " | head -1)
if [ -z "$iptest" ]; then
    echo "Lookup of $fqdn failed; leaving iptables alone"
    exit 2
fi

if [ ! -s "$phone" ]; then
    echo "1.1.1.1" > "$phone"
fi
iplast=$(cat "$phone")

if [ "$iptest" != "$iplast" ]; then
    echo "Don't match"
    echo "Dropped: $iplast"
    echo "Added : $iptest ($phone: $fqdn)"
    service iptables restart
    echo "$iptest" > "$phone"   # cache the new address so the next run compares against it
    # iptables -nL
    exit 1
else
    echo "Matched: $iptest"
fi
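A variant of the same idea that swaps only the one affected rule instead of restarting the whole firewall. This is an added example, not the poster's script or anything from the thread; it assumes a glibc system with getent(1), an iptables new enough to have -C (1.4.11 or later), rules of the exact shape shown in the post (-p tcp -m tcp -s ADDR --dport PORT -j ACCEPT in the INPUT chain), and a hypothetical state directory /var/lib/dynfw for the last address seen. It rejects anything that is not a plain IPv4 address before it reaches the iptables command line, installs the new rule before removing the old one, leaves the firewall untouched when the lookup fails, and keeps its cache file updated so it does not reload every run.

```shell
#!/bin/bash
# dynfw.sh: swap a single dynamic-DNS based ACCEPT rule in place when the
# remote address changes, instead of restarting the whole firewall.
# Added example, not the original poster's script. Assumed: getent(1),
# iptables with -C (1.4.11+), rules shaped like the post's example in the
# INPUT chain, and a state directory /var/lib/dynfw for the last address.
set -eu

IPTABLES=${IPTABLES:-iptables}          # overridable, e.g. for a dry run
STATE_DIR=${STATE_DIR:-/var/lib/dynfw}  # assumed cache location

# Strict dotted-quad check: exactly four octets, digits only, each <= 255.
# IPv6, hostnames and shell metacharacters are all rejected here, before
# anything is handed to the iptables command line.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read "getent ahostsv4"-style lines (ADDRESS TYPE NAME) on stdin and print
# the first well-formed IPv4 address; fail if there is none.
pick_ipv4() {
    local addr rest
    while read -r addr rest; do
        if is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
            return 0
        fi
    done
    return 1
}

# Resolve through nsswitch (hosts file, then DNS), the same path the
# iptables command itself takes when given a hostname.
resolve_ipv4() {
    getent ahostsv4 "$1" | pick_ipv4
}

# One definition of the rule, shared by -C, -I and -D so they always agree.
rule_spec() {   # rule_spec <chain> <port> <ip>
    printf '%s -p tcp -m tcp -s %s --dport %s -j ACCEPT' "$1" "$3" "$2"
}

# Install the rule for the new address before deleting the old one, so the
# admin host is never locked out and no other rule in the chain is touched.
apply_rule() {  # apply_rule <chain> <port> <new_ip> [old_ip]
    local chain="$1" port="$2" new="$3" old="${4:-}"
    if ! is_ipv4 "$new"; then
        echo "refusing to install non-IPv4 source '$new'" >&2
        return 1
    fi
    # rule_spec output is word-split on purpose to form the argument list
    if ! $IPTABLES -C $(rule_spec "$chain" "$port" "$new") 2>/dev/null; then
        $IPTABLES -I $(rule_spec "$chain" "$port" "$new")
    fi
    if [ -n "$old" ] && [ "$old" != "$new" ]; then
        $IPTABLES -D $(rule_spec "$chain" "$port" "$old") 2>/dev/null || true
    fi
}

main() {    # main <fqdn> <port> [chain]
    local fqdn="$1" port="$2" chain="${3:-INPUT}" state new old=""
    state="$STATE_DIR/$fqdn.$port"
    mkdir -p "$STATE_DIR"
    if ! new=$(resolve_ipv4 "$fqdn"); then
        # A failed lookup must never touch the firewall: keep the last rule.
        echo "lookup of $fqdn returned no IPv4 address; rules unchanged" >&2
        return 1
    fi
    [ -s "$state" ] && old=$(cat "$state")
    if [ "$new" = "$old" ]; then
        echo "Matched: $new"
        return 0
    fi
    apply_rule "$chain" "$port" "$new" "$old"
    printf '%s\n' "$new" > "$state"   # remember the address for the next run
    echo "Replaced: ${old:-<none>} -> $new for $fqdn port $port"
}

if [ $# -lt 2 ]; then
    echo "usage: $0 <fqdn> <port> [chain]   (run from cron, e.g. every 30 minutes)" >&2
else
    main "$@"
fi
```

A cron entry such as */30 * * * * /usr/local/sbin/dynfw.sh fqdn.dyndns.org 22 runs it the same way as the poster's script. The reason to avoid service iptables restart is that a hostname in a -s rule is resolved once, when the rule is loaded: iptables-restore rejects the whole saved file if any such name fails to resolve, and on the RHEL/CentOS init script of that era the stop phase has already flushed the chains and set the policies to ACCEPT by then, so one DNS hiccup during the reload leaves the host unfiltered. Keeping the hostname rule in /etc/sysconfig/iptables is still useful as the boot-time anchor; this script only corrects the live chain between reboots. If an older iptables lacks -C, replace that check with a grep over iptables -S INPUT for the same rule text.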