Date: Fri, 10 Dec 1999 19:12:52 -0700
From: Brett Glass <brett@lariat.org>
To: Kevin Street <street@iname.com>, Brendan Conoboy <synk@swcp.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: rc.firewall, ipf integration
Message-ID: <4.2.0.58.19991210190512.03d62d90@localhost>
In-Reply-To: <14417.33934.245121.600826@mired.eh.local>
References: <199912102133.OAA17684@inago.swcp.com> <199912102133.OAA17684@inago.swcp.com>

This might be a good time to take DHCP off of the Berkeley Packet Filter
interface and make it a bona fide protocol stack, albeit a short one
(it'd be null above the MAC layer). This would eliminate the need for
a special case mechanism to interact with it....

--Brett Glass

At 03:54 PM 12/10/1999, Kevin Street wrote:

>Brendan Conoboy writes:
>
> >So I'm sending this mail out to ask how people would like it improved.
> >I'm willing to do pretty much all of the work, particularly to get ipf
> >integrated. What do people think needs to happen?
>
>Brendan, for client machines, better integration with DHCP would be a
>worthwhile goal. The firewall setup needs to be called from the
>dhclient scripts since dhclient knows what the ip address is and gets
>notified of any changes (lease expiry, ip addr changes). Having an
>rc.firewall that can be called whenever the state changes would be
>useful. Having the boot up of dhcp and rc.firewall happen in the
>right order and leave the firewall configured correctly is mandatory.
>
>Right now, my dhcp startup sets up the firewall and then rc.network
>promptly flushes it. I've got mine set up so that rc.firewall
>discovers what ip address dhcp managed to get and re-establishes the
>firewall by calling the same external firewall script that I'm using
>during the dhclient lease renewals.
>--
>Kevin Street
>street@iname.com
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19991210190512.03d62d90>
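
The lease-change hook that Kevin Street's message describes, as an added example (not code from the thread or from FreeBSD): a fragment for /etc/dhclient-exit-hooks, which dhclient-script sources with $reason, $interface, $old_ip_address and $new_ip_address set. The rules script path in FW_SCRIPT and its `<interface> <ip>` arguments are assumptions, as is the convention that an empty address means "install rules that name no local address".

```sh
#!/bin/sh
# Added example: /etc/dhclient-exit-hooks fragment (sourced, so never `exit`).
# FW_SCRIPT is a hypothetical external rules script: <interface> <ip-or-empty>.
FW_SCRIPT="${FW_SCRIPT:-/usr/local/etc/firewall-dhcp.sh}"

# Decide what the firewall needs for one lease event.
# Args: reason old_ip new_ip.  Prints: reload | lockdown | none
fw_action() {
    fa_reason="$1"; fa_old="$2"; fa_new="$3"
    case "$fa_reason" in
        BOUND|REBOOT)
            # New or re-acquired lease: rebuild rules for the address.
            if [ -n "$fa_new" ]; then echo reload; else echo none; fi ;;
        RENEW|REBIND)
            # Lease extended: rebuild only if the address actually changed,
            # so a routine renewal does not flush a working rule set.
            if [ -n "$fa_new" ] && [ "$fa_new" != "$fa_old" ]; then
                echo reload
            else
                echo none
            fi ;;
        EXPIRE|FAIL|RELEASE|STOP)
            # Address is gone: rules that name it are stale.
            echo lockdown ;;
        *)
            # PREINIT, MEDIUM, ARPCHECK, ... carry no address change.
            echo none ;;
    esac
}

# Run the external rules script according to fw_action's decision.
fw_apply() {
    case "$(fw_action "$reason" "${old_ip_address:-}" "${new_ip_address:-}")" in
        reload)   "$FW_SCRIPT" "${interface:-}" "$new_ip_address" ;;
        lockdown) "$FW_SCRIPT" "${interface:-}" "" ;;
    esac
}

# Act only when dhclient-script has populated $reason.
if [ -n "${reason:-}" ]; then
    fw_apply
fi
```

Pointing rc.firewall at the same FW_SCRIPT gives boot and lease renewals one rule source, which is the arrangement the message describes.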