dyniptables/README.md
2024-03-20 11:20:58 -05:00

dyniptables

rebuild a dynamic iptables chain from DNS lookups of named hosts

Server prep and usage:

  1. Place the script at /usr/local/sbin/dyniptables.sh (root:root, 0744)
  2. Add a new filter chain, and a jump (-j) into it, to the system's on-boot iptables rules:
    :DYNAMIC - [0:0]
    -A INPUT -j DYNAMIC
    
    ...where DYNAMIC is the value of $DCHAIN in dyniptables.conf
  3. Add a refresh every 6 hours to root's crontab:
    5 */6 * * * /usr/local/sbin/dyniptables.sh
    
  4. Add an override.conf to the systemd unit that restores the iptables rules at boot, so the script runs right after the base rules are loaded:
    DEB clones: `systemctl edit netfilter-persistent.service`
     or
    RPM clones: `systemctl edit iptables.service`              (IPv4)
                `systemctl edit ip6tables.service`             (IPv6)
    
    [Service]
    ExecStartPost=/usr/local/sbin/dyniptables.sh     # (DEB, all rules)
     or
    ExecStartPost=/usr/local/sbin/dyniptables.sh -4  # (RPM, IPv4 only)
    ExecStartPost=/usr/local/sbin/dyniptables.sh -6  # (RPM, IPv6 only)
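
How a refresh like the one scheduled above can be built, as an added example that is not the project's dyniptables.sh (which this README does not show): resolver output is turned into an iptables-restore fragment that redefines $DCHAIN in a single atomic load, with a -4/-6 family switch mirroring the flags above. The chain name DYNAMIC, the use of getent(1) for lookups and the host names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's dyniptables.sh: turn resolver output into an
# iptables-restore fragment that redefines the dynamic chain in one atomic load.
# Assumptions (hypothetical): the chain name DYNAMIC, the use of getent(1) for
# lookups, and the example host names.

DCHAIN="${DCHAIN:-DYNAMIC}"

# resolve_hosts HOST...: print "ADDRESS HOST" lines, one per resolved address,
# taken from the STREAM lines of `getent ahosts` (each address appears once there).
resolve_hosts() {
  for h in "$@"; do
    getent ahosts "$h" 2>/dev/null | awk -v h="$h" '$2 == "STREAM" { print $1, h }'
  done
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255, so a
# malformed or unexpected resolver answer never becomes a firewall rule.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
    { exit 1 }'
}

# build_rules CHAIN FAMILY: read "ADDRESS HOST" lines on stdin and print an
# iptables-restore fragment for the filter table. FAMILY is 4 or 6 (like the
# -4/-6 flags above); addresses of the other family are skipped. Declaring the
# chain with ":CHAIN - [0:0]" makes iptables-restore -n flush just that chain,
# so the other chains in the table are left as they are.
build_rules() {
  chain="$1"; fam="$2"
  printf '*filter\n:%s - [0:0]\n' "$chain"
  while read -r ip host; do
    [ -n "$ip" ] || continue
    case "$fam" in
      4) is_ipv4 "$ip" || continue ;;
      6) case "$ip" in *:*) ;; *) continue ;; esac ;;
      *) continue ;;
    esac
    printf '%s\n' "-A $chain -s $ip -m comment --comment \"$host\" -j ACCEPT"
  done
  printf 'COMMIT\n'
}

# refresh_ipv4 HOST...: rebuild the IPv4 chain; -n (--noflush) keeps the rest
# of the table intact, and nothing changes if iptables-restore rejects the input.
refresh_ipv4() {
  resolve_hosts "$@" | build_rules "$DCHAIN" 4 | iptables-restore -n
}
```

The comment match records which host produced each rule, which makes a later `iptables -L DYNAMIC -n` readable when a name has changed address.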
    

SPDX-License-Identifier: MIT