# dyniptables

Rebuild a dynamic iptables chain with DNS lookups of named hosts.

### Server prep and usage:

1. Place the script in `/usr/local/sbin/dyniptables.sh` (root:root, 0744)
2. Add to the system on-boot iptables rules a new filter chain and a (j)ump to it:
   ```
   :DYNAMIC - [0:0]
   -A INPUT -j DYNAMIC
   ```
   ...where DYNAMIC is the name of the `$DCHAIN` in dyniptables.conf
3. Add to root's crontab a refresh every 6 hours:
   ```
   5 */6 * * * /usr/local/sbin/dyniptables.sh
   ```
4. Add an override.conf to the systemd iptables startup so the chain is rebuilt right after the rules are loaded:
   - DEB clones: `systemctl edit netfilter-persistent.service`
   - RPM clones: `systemctl edit iptables.service` (IPv4), `systemctl edit ip6tables.service` (IPv6)
   ```
   [Service]
   # DEB, all rules
   ExecStartPost=/usr/local/sbin/dyniptables.sh
   # or, RPM, IPv4 only
   ExecStartPost=/usr/local/sbin/dyniptables.sh -4
   # RPM, IPv6 only
   ExecStartPost=/usr/local/sbin/dyniptables.sh -6
   ```

SPDX-License-Identifier: MIT
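The rebuild step that the cron entry and the `ExecStartPost` lines above invoke, written out as an added illustration in POSIX sh. This is not the project's own `dyniptables.sh`; the `$DHOSTS` host-list file (one hostname per line, `#` comments allowed), the `-4`/`-6`/no-argument calling convention mirrored from the README, and loading via `iptables-restore --noflush` are all assumptions made for this example. The two points a practitioner will care about are shown explicitly: every resolved address is validated before it is turned into rule text, and a total resolver failure leaves the existing chain in place rather than flushing it to empty.

```shell
#!/bin/sh
# Added example of rebuilding a dynamic chain from DNS lookups.
# Not the project's dyniptables.sh; DCHAIN/DHOSTS defaults are constructed placeholders.
DCHAIN="${DCHAIN:-DYNAMIC}"
DHOSTS="${DHOSTS:-/etc/dyniptables.hosts}"

# resolve_host NAME FAMILY: print unique "NAME ADDRESS" pairs for the IPv4 (4)
# or IPv6 (6) addresses of NAME, using the system resolver via getent.
resolve_host() {
    getent "ahostsv$2" "$1" 2>/dev/null | awk -v n="$1" '{ print n, $1 }' | sort -u
}

# valid_addr ADDRESS: accept only characters that occur in a literal IPv4/IPv6
# address, so an unexpected resolver answer can never become rule syntax.
valid_addr() {
    case "$1" in
        ''|*[!0-9a-fA-F.:]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_rules: read "NAME ADDRESS" pairs on stdin and print an iptables-restore
# fragment that replaces the chain contents with one ACCEPT per address.
# With --noflush, the ":CHAIN - [0:0]" line flushes only that chain, leaving
# the rest of the filter table untouched. Returns non-zero if nothing was added.
build_rules() {
    count=0
    printf '*filter\n'
    printf ':%s - [0:0]\n' "$DCHAIN"
    while read -r name addr; do
        valid_addr "$addr" || continue
        printf '%s %s -s %s -j ACCEPT\n' -A "$DCHAIN" "$addr"
        count=$((count + 1))
    done
    printf 'COMMIT\n'
    [ "$count" -gt 0 ]
}

# refresh FAMILY: resolve every host in $DHOSTS and load the new chain.
# If no host resolves at all (e.g. DNS outage), keep the old rules.
refresh() {
    fam="$1"
    if [ "$fam" = 6 ]; then restore=ip6tables-restore; else restore=iptables-restore; fi
    [ -r "$DHOSTS" ] || { echo "dyniptables: cannot read $DHOSTS" >&2; return 1; }
    rules=$(grep -v '^[[:space:]]*#' "$DHOSTS" | while read -r host; do
                [ -n "$host" ] && resolve_host "$host" "$fam"
            done | build_rules) \
        || { echo "dyniptables: nothing resolved, chain $DCHAIN left unchanged" >&2; return 1; }
    printf '%s\n' "$rules" | "$restore" --noflush
}

# -4 / -6 refresh one family (RPM style); no argument refreshes both (DEB style).
case "${1:-}" in
    -4) refresh 4 ;;
    -6) refresh 6 ;;
    '') refresh 4; refresh 6 ;;
esac
```

The rule text is generated from validated addresses only and handed to `iptables-restore --noflush`, so the swap of chain contents happens in one kernel transaction instead of a flush followed by a series of `-A` calls with a window of no rules in between.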