Date: Fri, 10 Dec 1999 17:54:06 -0500 (EST)
From: Kevin Street <street@iname.com>
To: Brendan Conoboy <synk@swcp.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rc.firewall, ipf integration
Message-ID: <14417.33934.245121.600826@mired.eh.local>
In-Reply-To: <199912102133.OAA17684@inago.swcp.com>
References: <199912102133.OAA17684@inago.swcp.com>

Brendan Conoboy writes:
>So I'm sending this mail out to ask how people would like it improved.
>I'm willing to do pretty much all of the work, particularly to get ipf
>integrated. What do people think needs to happen?

Brendan, for client machines, better integration with DHCP would be a worthwhile goal. The firewall setup needs to be called from the dhclient scripts since dhclient knows what the ip address is and gets notified of any changes (lease expiry, ip addr changes). Having an rc.firewall that can be called whenever the state changes would be useful. Having the boot up of dhcp and rc.firewall happen in the right order and leave the firewall configured correctly is mandatory.

Right now, my dhcp startup sets up the firewall and then rc.network promptly flushes it. I've got mine set up so that rc.firewall discovers what ip address dhcp managed to get and re-establishes the firewall by calling the same external firewall script that I'm using during the dhclient lease renewals.

--
Kevin Street
street@iname.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14417.33934.245121.600826>
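
The arrangement described in the message above, sketched as an added example that is not part of the original e-mail and is not Kevin's actual script: one shared firewall routine driven by dhclient lease events and reusable from rc.firewall. The state file path, rule numbers, rule set and function names are assumptions; `$reason` and `$new_ip_address` are the variables dhclient-script provides to its exit hook.

```shell
#!/bin/sh
# Added example, not from the original message. Paths, rule numbers and the
# rule set are assumptions. Source it from /etc/dhclient-exit-hooks and from
# rc.firewall so both use the same code path.
IPFW=${IPFW:-/sbin/ipfw}                    # overridable for a dry run
FW_STATE=${FW_STATE:-/var/run/fw_dhcp.addr} # address the rules were built for

# Print ipfw arguments, one command per line, for lease address $1.
# An empty $1 means "no lease": only loopback and DHCP itself stay open.
fw_rules() {
    printf '%s\n' "-q flush" \
        "add 100 allow ip from any to any via lo0" \
        "add 200 allow udp from any 68 to any 67 out" \
        "add 210 allow udp from any 67 to any 68 in"
    if [ -n "$1" ]; then
        printf '%s\n' "add 300 check-state" \
            "add 310 allow ip from $1 to any out keep-state"
    fi
    printf '%s\n' "add 65000 deny log ip from any to any"
}

# Load the rule set for address $1 and record which address it was built for.
# The address comes from the DHCP server, so accept digits and dots only.
fw_apply() {
    case $1 in
        *[!0-9.]*) echo "fw_apply: bad address '$1'" >&2; return 1 ;;
    esac
    fw_rules "$1" | while read -r rule; do $IPFW $rule || exit 1; done || return 1
    printf '%s\n' "$1" > "$FW_STATE"
}

# React to dhclient event $1 with new address $2; prints the action taken.
fw_dhcp_event() {
    current=$(cat "$FW_STATE" 2>/dev/null || true)
    case $1 in
        BOUND|RENEW|REBIND|REBOOT)
            [ "$2" = "$current" ] && { echo unchanged; return 0; }
            fw_apply "$2" && echo applied ;;
        EXPIRE|FAIL|RELEASE|STOP)
            fw_apply "" && echo locked ;;
        *) echo ignored ;;
    esac
}

# dhclient-script sets $reason and $new_ip_address before sourcing the hook.
if [ -n "${reason:-}" ]; then fw_dhcp_event "$reason" "${new_ip_address:-}"; fi
```

From rc.firewall, call `fw_apply` unconditionally with the address found on the interface, so that a flush by rc.network is always repaired whatever the recorded state says.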