From owner-freebsd-ipfw@FreeBSD.ORG  Mon Apr  4 09:07:22 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1BA0916A4CE
	for <freebsd-ipfw@freebsd.org>; Mon,  4 Apr 2005 09:07:22 +0000 (GMT)
Received: from mail2-new.vianetworks.nl (mail2-new.vianetworks.nl
	[212.61.9.29])	by mx1.FreeBSD.org (Postfix) with ESMTP id 9A36C43D48
	for <freebsd-ipfw@freebsd.org>; Mon,  4 Apr 2005 09:07:21 +0000 (GMT)
	(envelope-from bts@iae.nl)
Received: from anaconda (jugar.iae.nl [212.61.26.58])
	by mail2-new.vianetworks.nl (Postfix) with SMTP id F2268544E1F;
	Mon,  4 Apr 2005 11:07:19 +0200 (CEST)
From: "Martin" <bts@iae.nl>
To: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>,
	"Sergei Gnezdov" <use-reply-to@gnezdov.net>,
	"sergei@gnezdov.net" <sergei@gnezdov.net>
Date: Mon, 04 Apr 2005 10:06:48 +0200 (CDT)
Priority: Normal
X-Mailer: PMMail 2.20.2380 for OS/2 Warp 4.5
In-Reply-To: <slrnd4775d.79b.use-reply-to@gnezdov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <20050404090719.F2268544E1F@mail2-new.vianetworks.nl>
Subject: Re: DHCP with ipfw
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Martin <bts@iae.nl>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Apr 2005 09:07:22 -0000

ON 5+, you also have to open up the MAC layer FW:

ipfw add allow mac via xl0

If the DHCP server is slow and did not reply back before the
dhclient did continue the boot process, you maybe you do have 
to reload the FW rules once your DHCP connection is established.

/Martin

On Fri, 25 Mar 2005 05:07:30 +0000 (UTC), Sergei Gnezdov wrote:

>/etc/rc.conf:
>
>  ifconfig_rl0="DHCP"
>
>  firewall_type="client"
>  firewall_enable="YES"
>
>When my machine boots firewall is initialized before DHCP obtains IP
>address.  This results in incomplete firewall configuration.  How do I
>fix this?
>
>My /etc/rc.firewall initialized with the following commands:
>
>  net=`ifconfig rl0 | grep "inet " | awk '{print $6}'`
>  mask="255.255.255.0"
>  ip=`ifconfig rl0 | grep "inet " | awk '{print $2}'`
>
>
>
>_______________________________________________
>freebsd-ipfw@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"