
Re: Firewalling with DHCP client



Bernd Harmsen wrote:

> [ From the book "linux firewalls"]
> Every time the IP changes, pump rewrites the /etc/resolv.conf and can
> call a script. Add a line like the following to your /etc/pump.conf
>
> script /etc/pump.skriptname
>
> There are three parameters transferred to the script:
>
> $1      Reason
> $2      Interface
> $3      New IP
>
> Hope that helps,
> Bernd

Well, I tried that and it never worked. I tried to work around it by using a
text filter in my script. It sorta looks like this:

#!/bin/sh
# Set the path
PATH="/sbin"
# external network interface
EXTIFACE="eth0"
# External IP address
IPADDR=" /sbin/pump --status | grep IP: | sed -e 's/.*IP: //' "

# Drop incoming datagrams spoofing our address
iptables -A INPUT --source $IPADDR -i $EXTIFACE -j DROP


When I test the filter in the prompt I always get my IP address in return.
However, when I run it through the netfilter script I always end up with the
same error:

iptables v1.2.2: Unknown arg `--status'
Try `iptables -h' or 'iptables --help' for more information.

Why is it that NetFilter reads all of the information inside of the quotes and
not the outcome of the operation inside of the quotes?

Stef
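
The quoting behaviour asked about above, as an added example that is not part of the original post: double quotes store the pipeline as text, while $(...) stores what the pipeline prints. The status text is a constructed sample, the function names are hypothetical, and the rule is printed rather than applied.

```shell
#!/bin/sh
# Constructed stand-in for `/sbin/pump --status` output; the layout is an
# assumption inferred from the grep/sed filter in the post.
sample_status() {
    printf '%s\n' 'Device eth0' '        IP: 192.0.2.10' '        Netmask: 255.255.255.0'
}

# Same filter as the post: keep what follows "IP: " on the first matching line.
extract_ip() {
    grep 'IP:' | sed -e 's/.*IP: //' | head -n 1
}

# Accept only a dotted-quad IPv4 address, so nothing else reaches iptables.
is_ipv4() {
    case "$1" in
        ''|.*|*.|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print the anti-spoofing rule arguments for interface $1 and address $2.
spoof_rule() {
    is_ipv4 "$2" || { echo "refusing rule, bad address: $2" >&2; return 1; }
    printf '%s\n' "-A INPUT --source $2 -i $1 -j DROP"
}

# pump hook form: $1 = reason, $2 = interface, $3 = new IP (as quoted above).
hook_rule() {
    spoof_rule "$2" "$3"
}

# Double quotes: the variable holds the command text itself, as in the post.
LITERAL=" /sbin/pump --status | grep IP: | sed -e 's/.*IP: //' "
# Command substitution: the variable holds what the pipeline printed.
IPADDR=$(sample_status | extract_ip)

spoof_rule eth0 "$IPADDR"                   # prints the rule arguments
spoof_rule eth0 "$LITERAL" || true          # rejected instead of reaching iptables
# To apply for real (as root): iptables $(spoof_rule "$EXTIFACE" "$IPADDR")
```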


