dnutan
(Marc)
January 5, 2023, 2:29pm
5
A cronjob that periodically checks the domain IP and changes the firewall object accordingly is another option but not the best/safer one.
Some examples:
this code looks logically correct but syntactically a little shaky - I've updated it to the following - add your hostname
myhost='my hostname'
# current address from DNS
myhostip=$(dig +short "$myhost")
# address stored in the host object
old=$(db hosts getprop "$myhost" IpAddress)
if [ "$old" != "$myhostip" ]
then db hosts setprop "$myhost" IpAddress "$myhostip"
# as posted, this only prints the signal-event command
echo signal-event firewall-objects-modify
fi
Unrelated to fail2ban but a quick & dirty script to get the changing IP address of a domain (let's say of another of your publicly reachable hosts) could be something like this:
#!/bin/bash
#
# Update host object IP address (to be used with firewall rules, i.e. for public domain)
# (Requires: dig, ipcalc, e-smith commands)
#
# get IP address
ip=$( /usr/bin/basename $( /usr/bin/dig +short domain.tld A | tr '\n' '/' ) 2>&- )
# validate IPv4 address
if ! /usr/bin/ipcalc -c "$ip"; then exit; fi
#…
But VPN is safer.
1 Like
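A stricter form of the resolve, validate and update step discussed above, as an added example that is not part of the original post: it accepts a DNS answer only when it is exactly one IPv4 address outside loopback, private, link-local and multicast/reserved space, so a bad or spoofed answer cannot rewrite the firewall object. The function names, the `myhost` object name and the sample addresses are assumptions; the `db hosts` and `signal-event` commands are the ones quoted in the post and are only printed here, not run.

```bash
#!/bin/bash
# Added example: gate a DNS answer before it reaches a firewall host object.

# True only for a strict dotted quad outside 0/8, 10/8, 127/8, 169.254/16,
# 172.16/12, 192.168/16 and 224.0.0.0 upward (multicast/reserved).
valid_public_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1                      # digits and dots only, so no globbing
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0) ;; 0*|????*) return 1 ;; esac   # no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    case $1.$2 in
        0.*|10.*|127.*|169.254|192.168) return 1 ;;
        172.1[6-9]|172.2[0-9]|172.3[01]) return 1 ;;
    esac
    [ "$1" -lt 224 ]
)

# Reads `dig +short NAME A` output on stdin and prints the address only when
# it holds exactly one acceptable A record. CNAME targets (trailing dot) are skipped.
single_a_record() (
    count=0 ip=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|*.) continue ;; esac
        count=$((count + 1)); ip=$line
    done
    [ "$count" -eq 1 ] && valid_public_ipv4 "$ip" && printf '%s\n' "$ip"
)

# $1 = host object name (assumed), $2 = stored IpAddress, stdin = dig output.
# Prints the commands to run. Returns 0 = changed, 1 = unchanged, 2 = rejected.
plan_update() (
    new=$(single_a_record) || { echo "rejected DNS answer for $1" >&2; return 2; }
    [ "$new" = "$2" ] && return 1
    printf 'db hosts setprop %s IpAddress %s\n' "$1" "$new"
    printf 'signal-event firewall-objects-modify\n'
)

# Constructed dig output (documentation-range addresses, not real data).
printf 'www.example.net.\n203.0.113.7\n' | plan_update myhost 198.51.100.4
```

In a cron job the input would come from `/usr/bin/dig +short domain.tld A` and the stored value from `db hosts getprop`, with a non-zero return leaving the host object untouched.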