From owner-freebsd-security Tue Aug 21 3: 1:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from ringworld.nanolink.com (dialmess.nanolink.com [217.75.135.246]) by hub.freebsd.org (Postfix) with SMTP id BD5D137B407 for ; Tue, 21 Aug 2001 03:01:15 -0700 (PDT) (envelope-from roam@ringlet.net) Received: (qmail 10189 invoked by uid 1000); 21 Aug 2001 09:59:47 -0000 Date: Tue, 21 Aug 2001 12:59:47 +0300 From: Peter Pentchev To: Lasse Osterberg Cc: freebsd-security@FreeBSD.ORG Subject: Re: IPfw and DHCP Message-ID: <20010821125947.C7824@ringworld.oblivion.bg> Mail-Followup-To: Lasse Osterberg , freebsd-security@FreeBSD.ORG References: <002e01c12a27$2a3f30c0$d2c91986@elvisp> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002e01c12a27$2a3f30c0$d2c91986@elvisp>; from lars.osterberg@ue.sr.se on Tue, Aug 21, 2001 at 11:53:43AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, Aug 21, 2001 at 11:53:43AM +0200, Lasse Osterberg wrote: > Hi All, > > Is there anyway at system startup and/or via a cron job to pass my DHCP > ipaddress from my external interface to rc.firewall? > So my firewall rules still work if my external DHCP lease gets a new > ipaddress. You could always use the ipfw 'me' syntax - instead of an IP address, put the word 'me' in the ipfw rule, it matches any IP address assigned to a local interface. So, instead of: ipfw add allow tcp from any to 192.168.5.5 22 setup ..put: ipfw add allow tcp from any to me 22 setup ..and things should be fine. G'luck, Peter -- You have, of course, just begun reading the sentence that you have just finished reading. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message