about
dynfw is a script that controls access to specific port(s) on the server. It
allows access for defined hosts with dynamic IP addresses, using a DynDNS
service. Requires iptables. The latest version also lets you configure access
for static IP entries.
download:
dynfw-0.2.tgz, 11K, 2006-03-21
readme
1. Install
Copy the contents of the etc/ and sbin/ directories to the appropriate place
on your system (e.g. /usr/local/etc/ and /usr/local/sbin/).
2. Configure
If required, edit the CONFDIR variable in sbin/dynfw to point to the
configuration directory.
There are 2 configuration files used by dynfw: etc/dynfw.conf and
etc/dynfw.hosts:
- etc/dynfw.conf: set general options here; the format is 'option=XXX':
    ports=(num1 num2 ...) - the list of port numbers you want to control
                            access to, example:
                            port=(21 80)
    chain       - name that will be used as dynfw's iptables chain name
    dynfw_hosts - path to the file where dynamic hosts are defined
    dynfw_cache - path to the file where the dynfw script will keep its caches
- etc/dynfw.hosts: define hosts that should get access. Enter lines in
  the following format for dynamic entries:
    port,your.dynamic-hostname.com,offline_ip
  where "offline_ip" is the IP address that DynDNS will point to when
  your host is offline. Make sure that your clients set the DynDNS service
  to point to "offline_ip" when they disconnect from the network.
  When you execute dynfw, the script grants access to the dynamic IP of
  your host when it is online, or removes the entry from iptables if
  DynDNS points to the offline address.
  For static IP entries, enter a line in the following format:
    port,ip_address
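The decision described for dynfw.hosts entries, as an added example that is not dynfw's own code: each line is validated before anything would reach the firewall, and a dynamic entry is allowed only while its name resolves to something other than offline_ip. The function names, the chain name, the tcp protocol, the printed rule shape and the fail-closed handling of a failed lookup are assumptions of this example.

```shell
#!/bin/sh
# Added illustration of the dynfw.hosts decision logic; not dynfw's own code.
# Dry run: it prints the planned action and never calls iptables.
CHAIN="dynfw"   # assumed chain name; dynfw takes it from dynfw.conf

is_port() {
    case $1 in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # strict dotted quad, no leading zeros (avoids octal ambiguity)
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in 0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

is_hostname() {
    case $1 in ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]|*..*) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

# plan_entry LINE [RESOLVED_IP]
# RESOLVED_IP is the address the hostname currently resolves to; it is passed
# in (rather than looked up here) so the logic runs offline.
plan_entry() {
    _resolved=${2:-}
    IFS=, read -r _port _second _offline _extra <<EOF
$1
EOF
    if [ -n "$_extra" ] || ! is_port "$_port"; then echo invalid; return 1; fi
    if [ -z "$_offline" ]; then                  # static: port,ip_address
        is_ipv4 "$_second" || { echo invalid; return 1; }
        echo "allow -A $CHAIN -p tcp -s $_second --dport $_port -j ACCEPT"
        return 0
    fi                                           # dynamic: port,host,offline_ip
    if ! is_hostname "$_second" || ! is_ipv4 "$_offline"; then echo invalid; return 1; fi
    if ! is_ipv4 "$_resolved"; then              # failed lookup: fail closed
        echo "revoke $_second:$_port (unresolved)"
    elif [ "$_resolved" = "$_offline" ]; then    # DynDNS points at offline_ip
        echo "revoke $_second:$_port (offline)"
    else
        echo "allow -A $CHAIN -p tcp -s $_resolved --dport $_port -j ACCEPT"
    fi
}
```

In a live run RESOLVED_IP would come from a resolver lookup such as `getent hosts NAME`; an empty or malformed answer then lands in the revoke branch instead of opening the port.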
3. Usage
Run 'dynfw' manually when you want to update iptables entries, or
via a cron entry like:
*/10 * * * * /usr/local/sbin/dynfw
This will launch dynfw to update iptables entries every 10 minutes.
General dynfw command usage is:
dynfw [ OPTION ]
By default, if no option is specified, dynfw processes the config files
plus the cache file and updates iptables entries accordingly.
  -h, --help     show usage message
  -f, --flush    flush, clean up. Flushes all the created iptables
                 entries, cache files, etc.
  -r, --reload   flush and reload all the caches, iptables entries.
                 Execute dynfw -r each time you have modified
                 configuration files