Repository files (last commit 2024-03-20 11:20:58 -05:00):
  dyniptables.conf   importing new rebuild
  dyniptables.ipt    importing new rebuild
  dyniptables.sh     importing new rebuild
  LICENSE            repo prep
  README.md          importing new rebuild

dyniptables

rebuild dynamic IPtables chain with DNS lookups of named hosts

Server prep and usage:

  1. Place the script in /usr/local/sbin/dyniptables.sh (owner root:root, mode 0744).
  2. Add a new filter chain, and a jump (-j) into it, to the system's on-boot iptables rules:
    :DYNAMIC - [0:0]
    -A INPUT -j DYNAMIC
    
    ...where DYNAMIC is the name set as $DCHAIN in dyniptables.conf. The script rebuilds
    the contents of this chain, so the chain itself has to exist before it runs.
  3. Add a refresh every 6 hours to root's crontab:
    5 */6 * * * /usr/local/sbin/dyniptables.sh
    
  4. Add an override.conf to the systemd unit that restores the iptables rules at boot,
     so the chain is rebuilt right after the static rules are loaded:
    DEB clones: `systemctl edit netfilter-persistent.service`
     or
    RPM clones: `systemctl edit iptables.service`              (IPv4)
                `systemctl edit ip6tables.service`             (IPv6)
    
    Keep comments on their own lines: systemd only treats a line starting with `#` as a
    comment, so a trailing `# ...` on an ExecStartPost= line would be handed to the
    script as extra arguments.
    
    # DEB (netfilter-persistent.service, all rules)
    [Service]
    ExecStartPost=/usr/local/sbin/dyniptables.sh
     or
    # RPM (iptables.service, IPv4 only)
    [Service]
    ExecStartPost=/usr/local/sbin/dyniptables.sh -4
    
    # RPM (ip6tables.service, IPv6 only)
    [Service]
    ExecStartPost=/usr/local/sbin/dyniptables.sh -6
    
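The rebuild the procedure above relies on, as an added example that is not the project's own dyniptables.sh: it reads hostnames from a config file (format assumed here: one name per line, `#` comments), resolves them with getent, and emits an iptables-restore batch that replaces only the $DCHAIN rules under --noflush. It refuses to rebuild when any host has no usable address, so a DNS outage leaves the previous rules in place rather than emptying the chain.

```bash
#!/bin/sh
# Added example, not the project's own dyniptables.sh. Rebuilds the dynamic
# chain from the current IPv4 addresses of the hosts in a config file.
# Assumed (hypothetical) config format: one hostname per line, '#' comments.
DCHAIN="${DCHAIN:-DYNAMIC}"   # must match the chain created at boot (step 2)
NL='
'

# resolve_v4 NAME: print the host's IPv4 addresses, one per line.
resolve_v4() { getent ahostsv4 "$1" 2>/dev/null | awk '{print $1}' | sort -u; }

# is_ipv4 ADDR: only dotted quads may reach the rule text.
is_ipv4() { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# build_batch CONF [RESOLVER]: print an iptables-restore batch that flushes
# $DCHAIN and refills it. RESOLVER is a function name (default resolve_v4),
# which lets a test substitute constructed answers for real DNS.
# Returns 1 and prints nothing if any host yields no usable address, so a
# DNS outage keeps the previous rules instead of emptying the chain.
build_batch() {
    conf="$1"; resolver="${2:-resolve_v4}"; rules=""
    for host in $(sed 's/#.*//' "$conf"); do
        n=0
        for ip in $("$resolver" "$host"); do
            is_ipv4 "$ip" || continue
            rules="${rules}-A $DCHAIN -s $ip -j ACCEPT${NL}"
            n=$((n + 1))
        done
        [ "$n" -gt 0 ] || { echo "dyniptables: no address for $host" >&2; return 1; }
    done
    # ':CHAIN - [0:0]' flushes an existing chain under --noflush; the other
    # chains in the filter table are left untouched.
    printf '*filter\n:%s - [0:0]\n%sCOMMIT\n' "$DCHAIN" "$rules"
}

# apply_conf CONF: build the batch and load only this chain into the kernel.
apply_conf() {
    batch=$(build_batch "$1") || return 1
    printf '%s\n' "$batch" | iptables-restore --noflush
}
```

Run `apply_conf /etc/dyniptables.conf` (path assumed) from the cron job and the ExecStartPost= hook; the built-in chains and their policies are never touched by the batch.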

SPDX-License-Identifier: MIT