Re: Firewalling with DHCP client
Bernd Harmsen wrote:
> [ From the book "linux firewalls"]
> Every time the IP Changes pump rewrites the /etc/resolv.conf and can
> call a script. Add a line like the following to your /etc/pump.conf
>
> script /etc/pump.skriptname
>
> There are three Parameters transfered to the script:
>
> $1 Reason
> $2 Interface
> $3 New IP
>
> Hope that helps,
> Bernd
Well, I tried that and it never worked. I tried to work around it by using a
text filter in my script. It sorta looks like this:
#!/bin/sh
# Set the path
PATH="/sbin"
# external network interface
EXTIFACE="eth0"
# External IP address
IPADDR=" /sbin/pump --status | grep IP: | sed -e 's/.*IP: //' "
# Drop incoming datagrans spoofing our address
iptables -A INPUT --source $IPADDR -i $EXTIFACE -j DROP
When I test the filter in the prompt I always get my IP address in return.
However, when I run it through the netfilter script I always end up with the
same error:
iptables v1.2.2: Unknown arg `--status'
Try `iptables -h' or 'iptables --help' for more information.
Why is it that NetFilter reads all of the information inside of the quotes and
not the outcome of the operation inside of the quotes>?
Stef
Reply to: