{"componentChunkName":"component---src-templates-blog-post-js","path":"/blog/ip-tables-and-dynamic-dns","result":{"data":{"allGhostPost":{"edges":[{"node":{"title":"IP Tables and Dynamic DNS","html":"

Having a dynamic IP address sucks. I always lock down my servers and allow SSH access only from trusted sources. Since I have a dynamic IP address, I need my IP Tables rules updated automatically every time my IP address changes.


I use No-IP for my dynamic DNS hostname, but you can use any service you like. You can even cook up your own dynamic DNS client that uses your DNS provider's API; just make sure the hostname points to your IP address all the time.


I have my IP Tables set up like this:

# SSH Chain
iptables -N SSH # Create the SSH chain
iptables -A INPUT -p tcp -m tcp --dport 22 -j SSH # Jump to the SSH chain on connection to port 22/tcp
iptables -A INPUT -p tcp -m tcp --dport 22 -j DROP # If it doesn't match the SSH chain, DROP the packet.

# DYNAMIC Chain
iptables -N DYNAMIC # Create the DYNAMIC chain
iptables -A SSH -j DYNAMIC # Jump from the SSH chain to the DYNAMIC chain

I have also created a bash script that updates the DYNAMIC chain every minute:

#!/bin/bash

iptables -F DYNAMIC # Flush the DYNAMIC chain
iptables -A DYNAMIC -s my-dynamic-dns-hostname.com -j ACCEPT # Accept packets from my-dynamic-dns-hostname.com

I saved it in /root/dyndns.sh and added it to crontab as a cronjob that runs every minute (* * * * *).
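
Because the script flushes DYNAMIC before re-adding the rule, a failed DNS lookup leaves the chain empty and SSH blocked until the next successful run. A variant that resolves and validates first, then adds the new address before deleting the old one, as an added example that is not part of the original post (DYN_HOST, the IPT override and the --apply argument are assumptions):

```shell
#!/bin/sh
# Added example, not the post's script. CHAIN and the hostname mirror the post;
# DYN_HOST, IPT and --apply are assumed names. IPT can be overridden for testing.
DYN_HOST="${DYN_HOST:-my-dynamic-dns-hostname.com}"
CHAIN="${CHAIN:-DYNAMIC}"
IPT="${IPT:-iptables}"

# Resolve a hostname to its IPv4 addresses, one per line.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Accept only a bare dotted quad (no mask, no options), each octet 0..255.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# Source addresses currently accepted by the chain, parsed from "iptables -S".
current_sources() {
    $IPT -S "$CHAIN" |
        awk '$1 == "-A" && $3 == "-s" { sub(/\/32$/, "", $4); print $4 }' | sort -u
}

sync_chain() {
    new=$(resolve_ipv4 "$DYN_HOST") || return 1
    [ -n "$new" ] || return 1          # DNS failed: keep the existing rules
    for ip in $new; do valid_ipv4 "$ip" || return 1; done
    old=$(current_sources)
    for ip in $new; do                 # add first, so access is never interrupted
        echo "$old" | grep -qxF "$ip" || $IPT -A "$CHAIN" -s "$ip" -j ACCEPT
    done
    for ip in $old; do                 # then drop addresses no longer in DNS
        echo "$new" | grep -qxF "$ip" || $IPT -D "$CHAIN" -s "$ip" -j ACCEPT
    done
}

# Cron entry: * * * * * /root/dyndns.sh --apply
# Without --apply the file only defines the functions above.
if [ "${1:-}" = "--apply" ]; then sync_chain; fi
```
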

\n","published_at":"2013-08-07T11:24:00.000+03:00","slug":"ip-tables-and-dynamic-dns","tags":[],"plaintext":"Having a dynamic IP address sucks. I always lock down my servers and allow SSH\naccess only from trusted sources. Since I have a dynamic IP address, I need to\nautomatically have my IP Tables rules updated everytime my IP address changes.\n\nI use No-IP [http://no-ip.org] for my dynamic DNS hostname, you can use any\nservice you like (you can even cook up your own dynamic dns client that utilizes\nyour DNS provider's API, just make sure it points to your IP address all the\ntime).\n\nI have my IP Tables set up like this:\n\n# SSH Chain\niptables -N SSH # Create the SSH chain\niptables -A INPUT -p tcp -m tcp --dport 22 -j SSH # Jump to the SSH chain on connection to port 22/tcp\niptables -A INPUT -p tcp -m tcp --dport 22 -j DROP # If it doesn't match the SSH chain, DROP the packet.\n\n# DYNAMIC Chain\niptables -N DYNAMIC # Create the DYNAMIC chain\niptables -A SSH -j DYNAMIC # Jump from the SSH chain to the DYNAMIC chain\n\n\nI have also created a bash script that updates the DYNAMIC chain every minute:\n\n#!/bin/bash\n\niptables -F DYNAMIC # Flush the DYNAMIC chain\niptables -A DYNAMIC -s my-dynamic-dns-hostname.com -j ACCEPT # Accept packets from my-dynamic-dns-hostname.com\n\n\nI saved it in /root/dyndns.sh and added it to crontab as a cronjob that runs\nevery minute (* * * * *).","meta_description":null}}]}},"pageContext":{"slug":"ip-tables-and-dynamic-dns","prev":"mirroring-private-git-repositories-locally-the-easy-way","next":"nginx-and-ssl-root-key-security"}},"staticQueryHashes":["3649515864"]}