* Accept DNS Suffix
@ 2007-03-20  0:08 Dominic Caputo
  2007-03-20 16:42 ` Jan Engelhardt
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Dominic Caputo @ 2007-03-20  0:08 UTC (permalink / raw)
  To: netfilter

I currently have an ISP that has multiple address ranges that I wish to 
accept in my iptables ruleset. Is it possible for me to use the DNS suffix 
instead of the actual IP, as they are currently dynamically assigned? e.g. 
iptables -s nsw.bigpond.net.au   (current assigned address is 
cpe-203-45-103-100.nsw.bigpond.net.au).

Alternatively, if the above is not available, would I be able to set up a 
dyndns account and get my DSL modem to update the account and within my 
iptables config set: iptables -s homegw.dynalias.com

Thanks

Dominic 




* Re: Accept DNS Suffix
  2007-03-20  0:08 Accept DNS Suffix Dominic Caputo
@ 2007-03-20 16:42 ` Jan Engelhardt
  2007-03-20 18:13 ` Rob Sterenborg
  2007-03-21  0:05 ` John Arthur
  2 siblings, 0 replies; 6+ messages in thread
From: Jan Engelhardt @ 2007-03-20 16:42 UTC (permalink / raw)
  To: Dominic Caputo; +Cc: netfilter


On Mar 20 2007 11:08, Dominic Caputo wrote:
>
> I currently have an ISP that has multiple address ranges that I
> wish to accept in my iptables ruleset. Is it possible for me to use
> the DNS Suffix instead of the actual ip as they are currently
> dynamically assigned. e.g. iptables -s nsw.bigpond.net.au (current
> assigned address is cpe-203-45-103-100.nsw.bigpond.net.au).

Not possible*. iptables is handling ip, not dns.

> Alternatively if the above is not available would I be able to
> setup a dyndns account and get my dsl modem to update the account
> and within my iptables config set: iptables -s homegw.dynalias.com

See your distro documentation. openSUSE for example accepts custom
scripts in /etc/sysconfig/network/if-up.d with which you can call
iptables after dial-in. Anyway, not really a netfilter issue.


* I refrain from posting possibilities that would end up as Layering
Violations. Also, this would be prone to either (a) deadlock or (b)
slipthrough.


Jan
-- 



* RE: Accept DNS Suffix
  2007-03-20  0:08 Accept DNS Suffix Dominic Caputo
  2007-03-20 16:42 ` Jan Engelhardt
@ 2007-03-20 18:13 ` Rob Sterenborg
  2007-03-21  0:05 ` John Arthur
  2 siblings, 0 replies; 6+ messages in thread
From: Rob Sterenborg @ 2007-03-20 18:13 UTC (permalink / raw)
  To: netfilter

> I currently have an ISP that has multiple address ranges that I wish
> to accept in my iptables ruleset. Is it possible for me to use the
> DNS Suffix instead of the actual ip as they are currently dynamically
> assigned. e.g. iptables -s nsw.bigpond.net.au   (current assigned
> address is cpe-203-45-103-100.nsw.bigpond.net.au).

AFAIK: no.
An iptables rule will do a DNS lookup for a *hostname*, but only once:
when the rule is created.


Grts,
Rob




* RE: Accept DNS Suffix
  2007-03-20  0:08 Accept DNS Suffix Dominic Caputo
  2007-03-20 16:42 ` Jan Engelhardt
  2007-03-20 18:13 ` Rob Sterenborg
@ 2007-03-21  0:05 ` John Arthur
  2 siblings, 0 replies; 6+ messages in thread
From: John Arthur @ 2007-03-21  0:05 UTC (permalink / raw)
  To: 'Dominic Caputo', netfilter

Dominic

> I currently have an ISP that has multiple address ranges that 
> I wish to 
> accept in my iptables ruleset. Is it possible for me to use 
> the DNS Suffix 
> instead of the actual ip as they are currently dynamically 
> assigned. e.g. 
> iptables -s nsw.bigpond.net.au   (current assigned address is 
> cpe-203-45-103-100.nsw.bigpond.net.au).

 
 dig -t ptr 254.127.45.203.in-addr.arpa

2 minutes with dig tells me that Bigpond's block for nsw is
203.45.64.0/18

CPE-203-45-64-0.nsw.bigpond.net.au.
CPE-203-45-127-255.nsw.bigpond.net.au.


Which is what you want but I'm not sure I'd want to let all the bots
through my firewall

John






* Re: Accept DNS Suffix
  2007-03-20  0:02 Dominic Caputo
@ 2007-03-20 14:44 ` Cedric Blancher
  0 siblings, 0 replies; 6+ messages in thread
From: Cedric Blancher @ 2007-03-20 14:44 UTC (permalink / raw)
  To: Dominic Caputo; +Cc: netfilter

On Tuesday, 20 March 2007 at 11:02 +1100, Dominic Caputo wrote:
> I currently have an ISP that has multiple address ranges that I wish to 
> accept in my iptables ruleset. Is it possible for me to use the DNS Suffix 
> instead of the actual ip as they are currently dynamically assigned. e.g. 
> iptables -s nsw.bigpond.net.au   (current assigned address is 
> cpe-203-45-103-100.nsw.bigpond.net.au).

No, it's not possible. Netfilter only works on IPs, which means if you do
that, iptables will resolve the DNS name _now_ and use the result to
push the rule, which won't be updated afterwards if the IP changes.

However, if you have an idea of how often the IP changes, you can write
a script that queries the name regularly and updates your ruleset
accordingly when it changes.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
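
The polling script suggested in the reply above, as an added example (not code from the thread or from the netfilter project). The chain name DYNHOST, the state-file path and the DYN_* variables are assumptions; the hostname is the one from the original question.

```shell
#!/bin/sh
# Added example: keep one ACCEPT rule in step with a dynamic DNS name.
# Assumed one-time setup: iptables -N DYNHOST; iptables -A INPUT -j DYNHOST
DYN_NAME="${DYN_NAME:-homegw.dynalias.com}"   # name from the thread
DYN_CHAIN="${DYN_CHAIN:-DYNHOST}"             # hypothetical chain name
DYN_STATE="${DYN_STATE:-/var/run/dynhost.ip}" # hypothetical cache of last address

# True only for a dotted-quad IPv4 literal, so no hostname ever reaches iptables.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# First IPv4 address the resolver returns for the name (empty on failure).
resolve_name() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Print the iptables command that moves the rule from $1 (old) to $2 (new).
# Prints nothing if unchanged; fails if the new value is not an IPv4 literal.
plan_update() {
    is_ipv4 "$2" || return 1
    if [ "$1" = "$2" ]; then return 0; fi
    if is_ipv4 "$1"; then
        echo "iptables -R $DYN_CHAIN 1 -s $2/32 -j ACCEPT"   # replace in place
    else
        echo "iptables -A $DYN_CHAIN -s $2/32 -j ACCEPT"     # first run
    fi
}

# One polling pass: a failed lookup leaves the existing rule untouched.
sync_once() {
    new=$(resolve_name "$DYN_NAME")
    old=$(cat "$DYN_STATE" 2>/dev/null)
    cmd=$(plan_update "$old" "$new") || { echo "lookup failed" >&2; return 1; }
    [ -n "$cmd" ] || return 0
    $cmd && echo "$new" > "$DYN_STATE"
}

# Run from cron or an if-up.d hook with DYN_APPLY=1 (needs root).
if [ "${DYN_APPLY:-0}" = 1 ]; then sync_once; fi
```

Whoever can change the DNS record decides which address this rule admits, so the polled name should be one you control, and the chain is best limited to the ports that actually need it.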

