From owner-freebsd-mobile Sat Mar 24 14:23: 1 2001 Delivered-To: freebsd-mobile@freebsd.org Received: from grumpy.dyndns.org (user-24-214-76-236.knology.net [24.214.76.236]) by hub.freebsd.org (Postfix) with ESMTP id 3868D37B71D for ; Sat, 24 Mar 2001 14:22:43 -0800 (PST) (envelope-from dkelly@grumpy.dyndns.org) Received: from localhost (localhost [127.0.0.1]) by grumpy.dyndns.org (8.11.3/8.11.3) with ESMTP id f2OMMAP84277; Sat, 24 Mar 2001 16:22:10 -0600 (CST) (envelope-from dkelly@grumpy.dyndns.org) Message-Id: <200103242222.f2OMMAP84277@grumpy.dyndns.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Randy Bush Cc: FreeBSD Laptoppers From: David Kelly Subject: Re: ipfw and shifting address In-reply-to: Message from Randy Bush of "Sat, 24 Mar 2001 13:06:10 PST." Mime-Version: 1.0 Content-Type: multipart/mixed ; boundary="==_Exmh_-4228561080" Date: Sat, 24 Mar 2001 16:22:10 -0600 Sender: owner-freebsd-mobile@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multipart MIME message. --==_Exmh_-4228561080 Content-Type: text/plain; charset=us-ascii Randy Bush writes: > anyone have a simple hack for using ipfw on a roaming laptop? i.e. the ip > network, interface, and netmask change often, which would seem to make > /etc/rc.firewall a bit unhappy. Edit the attached file to your liking and put it in /etc. Take out the debug loggin stuff and ddup. Point it at your firewall rule file. In your firewall file (mine is /etc/dmk.firewall) use the following to detect the IP address (if you need it in your rules): ip=$(/sbin/ifconfig $nic | grep ask | awk '{print $2}') My ISP issues 2 hour leases, renews at 1 hour. Script has been working pretty good for the past couple of months. --==_Exmh_-4228561080 Content-Type: text/plain ; name="dhclient-exit-hooks"; charset=us-ascii Content-Description: dhclient-exit-hooks Content-Disposition: attachment; filename="dhclient-exit-hooks" #!/bin/sh ( date echo ${reason:-NO_REASON_GIVEN} case ${reason} in BOUND|REBIND) # May or may not be a new address. # adds $old_ip_address to working variables # use :-number to force behavior if variables are missing if [ ${old_ip_address:-0} != ${new_ip_address:-1} ] then if [ X${new_ip_address%\.[0-9]*\.[0-9]*} = "X192.168" ] then echo "do nothing: darned modem IP address ${new_ip_address}" else . /etc/dmk.firewall # if one is using DynDNS: echo /usr/local/sbin/ddup --host grumpy.dyndns.org --static /usr/local/sbin/ddup --host grumpy.dyndns.org --static # set fi else echo "addresses did not change (${reason})" fi ;; REBOOT) echo "reboot" # echo "re-init firewall" # /bin/sh /etc/dmk.firewall 2>&1 echo `date` ;; *) echo "nothing needed (${reason:-NOT_SPECIFIED})" ;; esac if [ X${old_ip_address} != "X" ] then echo "old_ip_address = " ${old_ip_address} fi if [ X${new_ip_address} != "X" ] then echo "new_ip_address = " ${new_ip_address} fi ) 2>&1 >> /home/dkelly/dhclient.debug --==_Exmh_-4228561080 Content-Type: text/plain; charset=us-ascii -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. --==_Exmh_-4228561080-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-mobile" in the body of the message