Date:      Mon, 10 Mar 2014 19:57:33 -0400
From:      Jason Hellenthal <jhellenthal@dataix.net>
To:        Joe Nosay <superbisquit@gmail.com>
Cc:        Ermal Luçi <eri@freebsd.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, John-Mark Gurney <jmg@funkthat.com>
Subject:   Re: Using pf.conf with public access points.
Message-ID:  <AF2D3781-6A50-4B92-9EF3-201A5E9687F6@dataix.net>
In-Reply-To: <CA%2BWntOusW84FL0iERf=CqVJxO3cxqM86365=HVbhwhBoW9=_EA@mail.gmail.com>
References:  <CA%2BWntOsQG-OeF8AmiftKt6-7upXTN7Pnv4ogZJmt6kjZ0GsZAA@mail.gmail.com> <20140309231829.GG32089@funkthat.com> <9C40270E-18E0-4993-B7C5-BD8B5A24C95D@dataix.net> <CAPBZQG3jzWnLk_Ea-VwkpTg2wHCF21M4faKzsYfVDAy9SAw3mg@mail.gmail.com> <71CCF277-8BF7-4C3B-9F9E-2095EA4CC060@dataix.net> <CA%2BWntOusW84FL0iERf=CqVJxO3cxqM86365=HVbhwhBoW9=_EA@mail.gmail.com>


[-- Attachment #1 --]
I feel as if you are overthinking this project just a little.

dhclient has nothing to do with the bssid.
wlanX can be set up to use DHCP and for wep or wpa or open connections in rc.conf.
You can't control others' firewalls, only your own, so why the worry about that?

-- 
 Jason Hellenthal
 Voice: 95.30.17.6/616
 JJH48-ARIN

> On Mar 10, 2014, at 16:41, Joe Nosay <superbisquit@gmail.com> wrote:
> 
> 
> 
> 
>> On Mon, Mar 10, 2014 at 2:56 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:
>> I nearly forgot all about that feature thank you for the reminder.
>> 
>> 
>> -- 
>>  Jason Hellenthal
>>  Voice: 95.30.17.6/616
>>  JJH48-ARIN
>> 
>>> On Mar 10, 2014, at 10:20, Ermal Luçi <eri@freebsd.org> wrote:
>>> 
>>> Usually pf(4) does support having dynamic ips inside its ruleset.
>>> For example just putting the interface name as address or putting $iface:0 for first address etc...
>>> 
>>> Take a look at the man page of pf.conf and search for the string 'Interface names and interface group names can'
>>> 
>>> 
>>>> On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:
>>>> You'll want to not use up addresses in your pf.conf
>>>> 
>>>> Block on default and then open up by definition of ports instead. Forget the whole IPAddr thing and treat this as a roaming client firewall.
>>>> 
>>>> 
>>>> --
>>>>  Jason Hellenthal
>>>>  Voice: 95.30.17.6/616
>>>>  JJH48-ARIN
>>>> 
>>>> > On Mar 9, 2014, at 19:18, John-Mark Gurney <jmg@funkthat.com> wrote:
>>>> >
>>>> > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400:
>>>> >> 2. How do I compensate for the use of public access points when the IP
>>>> >> addresses will always be different?
>>>> >
>>>> > it doesn't appear that pf has this ability, but it looks like ipfw
>>>> > has this, from ipfw(8):
>>>> >             me      matches any IP address configured on an interface in the
>>>> >                     system.
>>>> >
>>>> > So, maybe switching to ipfw might be an option..
>>>> >
>>>> > --
>>>> >  John-Mark Gurney                Voice: +1 415 225 5579
>>>> >
>>>> >     "All that I will do, has been done, All that I have, has not."
>>>> > _______________________________________________
>>>> > freebsd-net@freebsd.org mailing list
>>>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>> 
>>> 
>>> 
>>> -- 
>>> Ermal
> 
> 
> Has anyone thought about putting themselves in an environment similar to mine- not everything- when it comes to networking? You would have to set everything up with the following parameters:
> 1. Because you are at more than one place, you cannot set up wlanX or the wlandev in rc.conf. They must always be created after booting and logging in.
> 2. Dhclient cannot be automatic because a public access area may have more than one available bssid for connecting.
> 3. Since each public access will have different firewalls, streaming and web services may not be able to be run.
> 4. A script would probably work better than static settings in this case.
> 
> 

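A roaming-client ruleset along the lines suggested in the thread (block by default, open by port, interface name used as a dynamic address), shown as an added example that is not part of any poster's message. The interface name wlan0 and the port list are assumptions; adjust both to the machine.

```pf
# /etc/pf.conf -- added example, not from the thread.
# Assumptions: the wireless interface is wlan0 and the laptop only needs
# the outbound services listed in client_tcp.
ext_if     = "wlan0"
client_tcp = "{ 22, 80, 443, 993 }"

set block-policy drop
set skip on lo0

# Default deny in both directions; nothing below depends on a fixed address.
block all

# DHCP has to work before the interface has a lease, so the source is "any".
pass out on $ext_if inet proto udp from any port 68 to any port 67 keep state
pass in  on $ext_if inet proto udp from any port 67 to any port 68 keep state

# ($ext_if:0) is the form pf.conf(5) describes under "Interface names and
# interface group names can have modifiers appended":
#   :0            match only the primary address, not aliases
#   parentheses   re-evaluate the address whenever the interface's address
#                 changes, so a new lease at another access point needs no
#                 ruleset reload
pass out on $ext_if inet proto udp from ($ext_if:0) to any port 53 keep state
pass out on $ext_if inet proto tcp from ($ext_if:0) to any port $client_tcp keep state

# Outbound ping only, for basic connectivity checks.
pass out on $ext_if inet proto icmp from ($ext_if:0) to any icmp-type echoreq keep state

# No "pass in" rules for services: on a public access point the laptop is a
# client, and replies to the connections above are admitted by their state
# entries.
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -sr` after a lease change shows the address pf currently has for `(wlan0:0)`.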