Automatically set traffic rules for Dynamic IP Addresses from a Dynamic DNS Domain
Currently only works with UFW, but could be easily adapted to IPTABLES. Feel free to contribute!
Allows traffic from IPv4 and optionally IPv6 addresses for a given domain.
$ ufw status
22 ALLOW IN 1111:1:1::1 # SSH from Dynamic IP (one.dynamic.dns.domain.tld)
22 ALLOW IN 2.2.2.2 # SSH from Dynamic IP (two.dynamic.dns.domain.tld)
22 ALLOW IN 2222:2:2::2 # SSH from Dynamic IP (two.dynamic.dns.domain.tld)
Multiple addresses supported per domain!
As well as multiple domains supported! Add as many Dynamic DNS domains as you want!
Firewall rules for addresses no longer in the DNS records are removed.
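The add-and-remove behaviour described above, sketched as a dry run. This is an added example, not the project's script: the function names, the sample rules and the example.org names are constructed, and it assumes resolver output in `dig +short` form and prints `ufw` commands instead of running them.

```sh
#!/bin/sh
# Added example (not the project's script): dry-run reconciliation of UFW rules
# against the addresses a dynamic DNS name resolves to right now.
LC_ALL=C; export LC_ALL

# Constructed `ufw status` lines in the format shown above (documentation addresses).
SAMPLE_STATUS='22 ALLOW IN 203.0.113.7 # SSH from Dynamic IP (home.example.org)
22 ALLOW IN 2001:db8::7 # SSH from Dynamic IP (home.example.org)
22 ALLOW IN 198.51.100.9 # SSH from Dynamic IP (office.example.org)'

# Constructed resolver output, as `dig +short` would print for A and AAAA.
SAMPLE_RESOLVED='203.0.113.42
2001:db8::7'

# Keep only lines shaped like an IPv4 or IPv6 literal. dig +short can also print
# CNAME targets or ";; ..." error text, which must never reach a ufw command.
valid_addrs() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f]{0,4}(:[0-9A-Fa-f]{0,4}){2,7}$' | sort -u
}

# Addresses allowed for exactly one domain, matched on the "(domain)" rule comment.
allowed_for_domain() {  # $1 = ufw status text, $2 = domain
  printf '%s\n' "$1" | grep -F "($2)" | awk '$2 == "ALLOW" { print $4 }' | valid_addrs
}

# Lines of $1 that are not lines of $2 (whole-line, fixed-string comparison).
minus() { [ -n "$1" ] && printf '%s\n' "$1" | grep -Fxv -e "$2"; return 0; }

reconcile() {  # $1 = status text, $2 = domain, $3 = raw resolver output, $4 = port
  have=$(allowed_for_domain "$1" "$2")
  want=$(printf '%s\n' "$3" | valid_addrs)
  # An empty answer usually means a DNS failure: keep the rules, report, stop.
  if [ -z "$want" ]; then
    echo "# no valid address for $2, rules left unchanged"; return 1
  fi
  for ip in $(minus "$want" "$have"); do
    echo "ufw allow from $ip to any port $4 comment 'SSH from Dynamic IP ($2)'"
  done
  for ip in $(minus "$have" "$want"); do
    echo "ufw delete allow from $ip to any port $4"
  done
}

# Print the commands a real run would execute for the constructed sample.
reconcile "$SAMPLE_STATUS" home.example.org "$SAMPLE_RESOLVED" 22
```

Rules belonging to office.example.org are never touched, because only lines whose comment names the domain being reconciled are considered.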
- ufw
- dig
- grep
- awk
- Download the latest release
- Copy to your desired location—for this example we will use /var/cron
- Run it to make sure it works without any errors:
  bash /var/cron/dynamic-dns-in-ufw.sh
- Then edit the crontab:
  $ sudo vim /etc/crontab
- At the end of the file, add one of the following:
  - To run every hour, add:
    0 * * * * root /var/cron/dynamic-dns-in-ufw.sh
  - Or for every half hour, add:
    */30 * * * * root /var/cron/dynamic-dns-in-ufw.sh
- Save and exit vim with :wq
- When you remove a domain you no longer need, the script will not remove the rules from your firewall. They need to be manually removed.
- Slack notifications upon error will be added soon!