Date: Thu, 18 Oct 2001 12:54:30 +1000 (EST)
Message-Id: <200110180254.f9I2sU809937@tinny.eis.net.au>
From: "David Trzcinski"
To: freebsd-security@FreeBSD.ORG
Reply-To: xlr82xs@sdf.lonestar.org
Subject: Re: Using IPFW with dynamic IP

Personally, I would recommend using /etc/ppp/ppp.linkup with the MYADDR variable, i.e.:

    !bg /sbin/ipfw add 20 allow tcp from any to MYADDR in via INTERFACE established

(or wherever your ipfw program resides...)

Though, I have found that SOMETIMES the ppp script doesn't actually add all of the rules... Mine are numbered in increments of 10, but on the rare occasion several rules may be left out, so I go from, say, 60 to 110, but that isn't really that big of a deal...

Also, if you're using dialup and don't have any other computers sitting behind your FreeBSD one, or are using something like NAT, you could simply use "any" as your local host in ipfw, i.e.:

    ipfw add 20 allow tcp from any to any in via tun0 established

or whatever your network interface is.

Either way, when you view the logs generated (/var/log/security or /var/log/all.log (if enabled)) you will see your computer's current IP listed in the rule... just not if you ipfw -list
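Added example, not part of the original message: a small sh check for the gap described above, where ppp.linkup occasionally leaves some rules unloaded. The function name missing_rules, the expected rule numbers and the sample listing are constructed for illustration; on a live system the listing would come from `ipfw list`.

```shell
#!/bin/sh
# Report which expected ipfw rule numbers are absent from a rule listing.
# Everything below (rule numbers, rules, function name) is constructed sample data.

# missing_rules "<expected numbers>" "<ipfw list output>"
# Prints the expected rule numbers not found in the listing, space-separated
# on one line (an empty line when nothing is missing).
missing_rules() {
    expected=$1
    listing=$2
    # The first field of each listing line is the zero-padded rule number;
    # adding 0 in awk strips the padding (00020 -> 20).
    loaded=$(printf '%s\n' "$listing" | awk '$1 ~ /^[0-9]+$/ { print $1 + 0 }')
    missing=""
    for n in $expected; do
        found=no
        for l in $loaded; do
            if [ "$l" -eq "$n" ]; then
                found=yes
                break
            fi
        done
        if [ "$found" = no ]; then
            missing="${missing:+$missing }$n"
        fi
    done
    printf '%s\n' "$missing"
}

# Constructed listing reproducing the "60 to 110" gap from the message.
SAMPLE_LISTING='00010 allow ip from any to any via lo0
00020 allow tcp from any to any in via tun0 established
00030 allow tcp from any to any out via tun0
00040 allow udp from any to any 53 out via tun0
00050 allow udp from any 53 to any in via tun0
00060 allow icmp from any to any via tun0
00110 deny log ip from any to any in via tun0
65535 deny ip from any to any'

# Rule numbers the link-up script is supposed to have added (increments of 10).
EXPECTED="10 20 30 40 50 60 70 80 90 100 110"

# On a live host: missing_rules "$EXPECTED" "$(ipfw list)"
echo "missing rules: $(missing_rules "$EXPECTED" "$SAMPLE_LISTING")"
```

Run after the link comes up; a non-empty result means the ruleset is incomplete and the firewall is not enforcing what ppp.linkup was meant to load.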