I am using Debian Etch and Shorewall 3 to control IP access to my services. Currently, for database and SSH I use a no-ip account so I can use that instead of an IP range in Shorewall (since my ISP address is dynamic). The problem is that it is kind of useless because Shorewall needs to be restarted if the physical IP address that is stored in your no-ip pointer changes. The only solution I have found so far is to write a bash script to restart the firewall every x minutes using cron. This seems a rather crude solution to me. Is there any way to configure Shorewall so that it checks the IP address for a domain name instead of caching the address on restart?
Can't you modify your bash script to check whether the IP has changed, so that it restarts Shorewall only if it has changed? The script could store the previous IP address in a text file and compare the current IP address with it.
Yeah, that's a reasonable idea, I'll give it a go. Restarting Shorewall every 15 mins became unreliable, and Shorewall didn't always restart properly, making the entire server inaccessible.
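One way to write the check suggested in the answer above, as an added example that is not code posted by anyone in the thread. The state file path, the script name and the use of `getent` as the resolver are assumptions; the script leaves the firewall alone when the lookup fails and records the new address only after the restart succeeds.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: STATE_FILE path, script name, getent.
STATE_FILE="${STATE_FILE:-/var/lib/shorewall-ddns/last_ip}"
RESTART_CMD="${RESTART_CMD:-shorewall restart}"

# Print the first address the system resolver returns for a name (empty on failure).
resolve_ip() {
    getent hosts "$1" | awk 'NR == 1 { print $1 }'
}

# Accept only a dotted-quad IPv4 address, so a failed or odd lookup never triggers a restart.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints "unchanged" or "restarted" and returns 0. Returns 1 if the lookup failed and
# 2 if the restart failed (the stored address is then kept, so the next run retries).
sync_firewall() {
    new_ip=$(resolve_ip "$1") || new_ip=""
    if ! is_ipv4 "$new_ip"; then
        echo "lookup of $1 failed; firewall left untouched" >&2
        return 1
    fi
    old_ip=$(cat "$STATE_FILE" 2>/dev/null) || old_ip=""
    if [ "$new_ip" = "$old_ip" ]; then
        echo unchanged
        return 0
    fi
    if ! $RESTART_CMD; then
        echo "restart failed; will retry on the next run" >&2
        return 2
    fi
    mkdir -p "$(dirname "$STATE_FILE")"
    printf '%s\n' "$new_ip" > "$STATE_FILE"
    echo restarted
}

# Cron entry point: "ddns-shorewall.sh <hostname>". Without an argument nothing runs.
if [ -n "${1:-}" ]; then
    sync_firewall "$1"
fi
```

Because cron mails anything a job prints, a run that restarts the firewall or fails produces a message, while unchanged runs can be silenced by redirecting stdout.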