Dynamic IP and firewall
Posted on 2007-03-19
We are running couple of web sites on our server for many different clients. We are also so kind/trustful that we allow our clients to login via ssh. Once the user wants to connect to server we add his/her IP address tu current rules for firewall( shorewall firewall ). The problem here is that some of our clients have dynamic IP addresses and we need to always change the firewall rules file with current IP address of client. This is very inefficient, and tedious work. Is that any way to do it more efficiently so the IP address in shorewall rules will be always current?
Couple things which can not be part of solution:
- ask client to get static IP
- change shorewall firewall
- create enormous traffic by querying ip address from domain name, etc..
Preferable things which are part of solution:
- easy to implement
- very low overhead on traffic