I have a telnet-enabled service which doesn't have any form of authentication. Naturally I don't want to expose this to the public internet, so it sits behind a firewall. Now I want to allow my own host to access it, but my host has a dynamic IP address. iptables only supports static IPs and IP ranges, but for my use case I only want to allow a single IP, and that IP changes.
My solution is to update rules in iptables using cron, such that only the ip found at my dynamic dns is allowed through the firewall.
#!/bin/sh
# dnsallow.sh: allow traffic only from the address currently behind a dynamic DNS name.
# Usage: dnsallow.sh <hostname>   (run periodically from cron, as root)

HOSTNAME=$1
if [ -z "$HOSTNAME" ]; then
    echo "usage: $0 <hostname>" >&2
    exit 1
fi

# Take the first IPv4 address from the output of host(1)
IP=$(host "$HOSTNAME" | grep -iE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | cut -f4 -d' ' | head -n 1)

# Fail closed: if the name did not resolve, keep the existing rules rather than
# flushing the chain and inserting a rule with an empty source address
if [ -z "$IP" ]; then
    echo "could not resolve $HOSTNAME, leaving rules unchanged" >&2
    exit 1
fi

# If chain for remote doesn't exist, create it
if ! /sbin/iptables -L "$HOSTNAME" -n >/dev/null 2>&1 ; then
    /sbin/iptables -N "$HOSTNAME" >/dev/null 2>&1
fi

# Flush old rules, and add new
/sbin/iptables -F "$HOSTNAME"
/sbin/iptables -I "$HOSTNAME" -s "$IP" -j ACCEPT

# Add chain to INPUT filter if it doesn't exist
if ! /sbin/iptables -C INPUT -t filter -j "$HOSTNAME" >/dev/null 2>&1 ; then
    /sbin/iptables -t filter -I INPUT -j "$HOSTNAME"
fi
Example usage:
./dnsallow.sh my.dynamic.dns.com
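The weak spot in this kind of script is the resolution step: if the dynamic name temporarily fails to resolve, or host(1) prints an alias or IPv6 line first, the variable feeding iptables is empty or wrong, and the chain gets flushed anyway. The following is an added example, not part of the original dnsallow.sh, showing how to parse the host output with plain awk, validate that the result really is an IPv4 address, skip the flush entirely when the address has not changed (so an existing session is not cut), and fail closed otherwise. It builds the iptables commands as text instead of running them, so it runs without root; the host output it parses is constructed sample text, and the chain name dyn_allow and the hostnames are assumptions.

```shell
#!/bin/sh
# Added example (not the original dnsallow.sh): resolve the dynamic name,
# keep only a validated IPv4 address, and fail closed when resolution fails,
# so the allow chain is never flushed and left with a broken rule.
# The `host` output below is constructed sample text; no real lookup runs.

# Constructed: what `host` prints for a CNAME that ends in A and AAAA records.
SAMPLE_HOST_OUTPUT='my.dynamic.dns.com is an alias for target.example.net.
target.example.net has address 203.0.113.7
target.example.net has IPv6 address 2001:db8::7'

# Constructed: what `host` prints when the name does not exist.
SAMPLE_NXDOMAIN='Host nosuch.example.invalid not found: 3(NXDOMAIN)'

# Print the first "has address" value (an A record) from `host` output.
# Alias and IPv6 lines are skipped; prints nothing when no A record exists.
extract_ipv4() {
    printf '%s\n' "$1" | awk '/ has address /{ print $NF; exit }'
}

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 { ok = 1 }
        END { exit !ok }'
}

# Build the iptables commands for one update without running them.
#   $1 chain name, $2 `host` output, $3 address currently in the chain ("" if unknown)
# Prints one command per line and returns 0 when an update is needed;
# prints nothing and returns 0 when the address is unchanged (no flush, so
# existing sessions survive); prints nothing and returns 1 when no valid
# address was found, which is the fail-closed case.
plan_update() {
    chain=$1
    ip=$(extract_ipv4 "$2")
    valid_ipv4 "$ip" || return 1
    [ "$ip" = "$3" ] && return 0
    # -N only errors when the chain already exists, which is harmless here
    printf '%s\n' \
        "iptables -N $chain" \
        "iptables -F $chain" \
        "iptables -I $chain -s $ip -j ACCEPT"
}

# Stand-alone run: show the plan for the sample, then the fail-closed case.
plan_update dyn_allow "$SAMPLE_HOST_OUTPUT" "" || echo "no valid address; leaving rules untouched" >&2
plan_update dyn_allow "$SAMPLE_NXDOMAIN" "" || echo "no valid address; leaving rules untouched" >&2
```

In a real cron job the second argument would come from `host "$HOSTNAME"` and the third from reading the current rule back (for example by parsing `iptables -S "$chain"`), and the printed commands would be executed only when plan_update returns 0 with output. Running it every few minutes (an assumed crontab line would be `*/5 * * * * /usr/local/bin/dnsallow.sh my.dynamic.dns.com`) keeps the window between an address change and the rule update short while never leaving the chain empty because of a DNS hiccup.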