I am using Debian Etch and Shorewall 3 to control IP access to my services. Currently, for database and SSH i use a no-ip account so I can use that instead of an IP range in shorewall (since my ISP address is dynamic). The problem is that it is kind of useless because shorewall needs to be restarted if the physical IP address that is stored in your no-ip pointer changes. The only solution I have found so far is to write a bash script to restart the firewall every x minutes using Cron. This seems a rather crude solution to me. Is there any way to configure shorewall so that it checks the IP address for a domain name instead of caching the address on restart?