[Firewall] Custom-rules

Michel van Dop mvandop at xs4all.nl
Thu Jun 14 20:12:48 CEST 2012



Thanks Gustin, Lonnie and Arno! :-)

Arno van Amersfoort wrote on 2012-06-14 07:21:

> Didn't know this either. Nice feature :-)
> 
> On 13-Jun-12 20:46, Gustin Johnson wrote:
> 
>> Cool, I did not know this. It has been more than a few years since I
>> last looked at this.
>> 
>> Sent from my Android device, please excuse my brevity.
>> 
>> On Jun 13, 2012 12:09 PM, "Lonnie Abelbeck" <lists at lonnie.abelbeck.com> wrote:
>> 
>> Hi Gustin,
>> 
>> 'iptables' actually builds rules for each round-robin DNS entry, at least
>> iptables v1.4.13 does.
>> 
>> $ iptables -N TEST
>> $ iptables -A TEST -s google.com -j ACCEPT
>> $ iptables -nvL TEST
>> Chain TEST (0 references)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 ACCEPT     all  --  *      *       74.125.227.98        0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.105       0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.102       0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.99        0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.96        0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.104       0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.97        0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.101       0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.110       0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.103       0.0.0.0/0
>>     0     0 ACCEPT     all  --  *      *       74.125.227.100       0.0.0.0/0
>> 
>> Lonnie
>> 
>> On Jun 13, 2012, at 12:53 PM, Gustin Johnson wrote:
>> 
>>> iptables does accept domain names but it does a lookup, in a round
>>> robin dns situation you would end up with a rule that matches only
>>> one of the returned IPs.
>>> 
>>> In the past I have used a cron job to periodically update the rules
>>> for that host. Something like this:
>>> 
>>> for each in "${array[@]}" ; do echo iptables -do -something $each ; done
>>> 
>>> And sometimes there is a dns change and
>>> 
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
> 
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
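As an added example (not code from anyone in the thread), the script below turns Gustin's cron-job idea into something runnable: it rebuilds a dedicated chain from a hostname's current A records, so addresses that have dropped out of the round-robin set are removed instead of accumulating, and it refuses resolver output that is not a plain dotted quad. Assumed: glibc getent(1) for resolution, a placeholder chain name, and a dry run unless APPLY=1.

```shell
#!/bin/sh
# Added example, not from the thread: refresh a dedicated iptables chain
# from the current A records of a round-robin hostname (cron-job style).
# Assumes glibc getent(1); chain and host names are placeholders.

# Resolve HOST to its IPv4 addresses, one per line, deduplicated.
# getent honours /etc/hosts as well as DNS, unlike a raw dig.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Accept only plain dotted quads. Resolver output is untrusted input and
# must never reach the iptables command line unchecked.
valid_v4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands that rebuild CHAIN from the given addresses:
# create it if missing, flush it (drops stale addresses), then one
# ACCEPT per address. Invalid addresses are skipped, not guessed at.
chain_rules() {
    chain=$1; shift
    printf 'iptables -N %s 2>/dev/null\n' "$chain"
    printf 'iptables -F %s\n' "$chain"
    for ip in "$@"; do
        valid_v4 "$ip" || continue
        printf 'iptables -A %s -s %s -j ACCEPT\n' "$chain" "$ip"
    done
}

# Rebuild CHAIN for HOST. Prints the commands; runs them when APPLY=1.
# A failed or empty lookup leaves the existing chain untouched instead
# of flushing it to nothing.
refresh_host() {
    ips=$(resolve_v4 "$2") && [ -n "$ips" ] || return 1
    # shellcheck disable=SC2086  # word-splitting on newlines is intended
    if [ "${APPLY:-0}" = 1 ]; then
        chain_rules "$1" $ips | sh
    else
        chain_rules "$1" $ips
    fi
}

# Entry point for cron: sh this_script.sh CHAIN HOST (dry run unless APPLY=1)
if [ $# -eq 2 ]; then
    refresh_host "$1" "$2"
fi
```

Jump to the chain from the relevant place in your ruleset (for example `-A INPUT -j CHAIN`) so that flushing and rebuilding it never touches the rest of the policy.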


