Is this a good firewall?

Pedro Fernandes Macedo webmaster at margo.bijoux.nom.br
Sun Feb 20 03:05:50 UTC 2005


Kevin Old wrote:

>Here are a few questions:
>
>1) Is there a way I can allow a dynamic hostname to have unlimited access to
>the server?  For example, if I'm a Comcast subscriber the hostname to
>my cable modem is 12-134345-112.nashville.comcast.com or something
>like that.  Is there a way I can create a firewall rule to allow all
>*.nashville.comcast.com requests for any port rather than a static IP?
>  
>
I wouldn't enable a wide range like that... What I would do is a little 
shell script magic to open just the necessary IP...
This is how I'd do it:
1 - Register a dynamic DNS entry in any service like dnsalias.org. Get 
the autoupdate client and configure it on the machine connected to Comcast.
This way, every time your home IP changes, the DNS entry will be 
pointing to it.
2 - Make a little shell script which does something like this and set it 
to run every 5 minutes on cron:
     get the IP for hostname myhomemachine.dnsalias.org (for example)
     if $HOMEIP is set, compare it with the IP you got on the first 
     step. If they are the same, just exit. If they're different:
     set the $HOMEIP var and run the bash script of the firewall

This should be enough, if the firewall script uses the $HOMEIP variable 
to configure the necessary lines.


>2) Are there other restrictions I should place on the 9 ports I have
>open?  If so, what are they?
>  
>
Sorry. Couldn't open your firewall script here... my provider sometimes 
has issues with some random servers :|

--
Pedro Macedo
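
The cron job described in step 2 above, as an added example that is not part of the original post: it validates the DNS answer before it reaches a firewall rule and re-runs the firewall script only when the address changes. The hostname is the post's example; STATE_FILE, FIREWALL_SCRIPT and the --run argument are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The hostname is the post's example;
# STATE_FILE and FIREWALL_SCRIPT are hypothetical paths (assumptions).
HOME_HOST="${HOME_HOST:-myhomemachine.dnsalias.org}"
STATE_FILE="${STATE_FILE:-/var/lib/homeip/current}"    # keep in a root-only directory
FIREWALL_SCRIPT="${FIREWALL_SCRIPT:-/etc/firewall.sh}" # reads $HOMEIP, as in the post

# Accept only a dotted-quad IPv4 address: a DNS answer is untrusted input and
# ends up in a firewall rule, so anything else is rejected.
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# First IPv4 address the resolver returns for the name (getent is from glibc).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Print "invalid", "unchanged" or "changed" for a freshly resolved address.
decide() {
    old_ip=""
    is_valid_ipv4 "$1" || { echo invalid; return 0; }
    if [ -r "$STATE_FILE" ]; then old_ip=$(cat "$STATE_FILE"); fi
    if [ "$1" = "$old_ip" ]; then echo unchanged; else echo changed; fi
}

update_firewall() {
    ip=$(resolve_ipv4 "$HOME_HOST")
    case "$(decide "$ip")" in
        changed)
            printf '%s\n' "$ip" > "$STATE_FILE.tmp" && mv "$STATE_FILE.tmp" "$STATE_FILE"
            HOMEIP="$ip" "$FIREWALL_SCRIPT" ;;
        invalid)
            echo "homeip: ignoring bad lookup result for $HOME_HOST" >&2
            return 1 ;;
    esac
}

# Cron calls the script with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then update_firewall; fi
```

When the lookup fails or returns something that is not an IPv4 address, the existing rule and saved address are left untouched.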



