Date: Wed, 26 Sep 2001 18:48:42 -0500
From: David Kelly
To: Mike Porter
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: dhcp & cable, @home (help me fight the MS monopoly)

On Wed, Sep 26, 2001 at 02:29:25PM -0600, Mike Porter wrote:
>
> The problem is that the only times my IP has changed, it has gone from a
> 24.x.x.x family to a 65.x.x.x family and back, which invalidates the
> anti-spoofing rules, since those operate on the 24.x.x.255 and 24.x.x.0
> addresses if I am in a 24-family IP, but on 65.x.x.255 and .0 for the
> 65-family IP's. This means that the entire ruleset must be rewritten, not
> just a matter of flushing the tables and refreshing my own personal IP. I
> suppose if I was really ambitious, it would be possible to write some perl or
> sed or awk that would strip the first three octets from my ifconfig data, and
> then supply a 255 and a 0, and restructure some of the other rules as well.
> And as previously noted, that could be tied to dhclient-exit-hooks. But my
> wife would object to the time spent.

Ain't hard. Already been posted here in this thread. Here is how I do
it, admittedly with ipfw and not ipf:

    # look for the line with netmask, then awk my IP address
    ip=$(/sbin/ifconfig ${nic} | grep netmask | awk '{print $2}')

Is a bit harder to strip the bytes out of the address one at a time.

>
> BTW, to reset your firewall, I think all you have to do, if you are using the
> default ipfw setup, is have dhclient-exit-hooks run /etc/rc.firewall restart.

There is a dynamic DNS feature in the latest ISC DHCP stuff but I'm not
sure how it hooks in. Yes, you could link rc.firewall to
dhclient-exit-hooks but dhclient-exit-hooks sometimes runs 4 times for
each lease renewal. This is not what anyone really wants to do.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.
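
The two points in the message above, pulling the address out of ifconfig and dhclient-exit-hooks firing several times per renewal, combined in one script. This is an added example, not code from the thread: the function names, the state file and the /24-style .0/.255 derivation are assumptions, and the ifconfig text is constructed.

```shell
#!/bin/sh
# Added example. Function names and the state file are assumptions, not from the thread.

# Same extraction as the one-liner in the mail, reading ifconfig output on stdin.
ip_from_ifconfig() {
    awk '/netmask/ { print $2; exit }'
}

# Accept only a dotted quad with octets 0-255, so an empty or garbled value
# (interface down, no lease yet) never reaches the firewall rules.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Drop the last octet and supply 0 and 255, matching the x.x.x.0 / x.x.x.255
# anti-spoofing addresses in the quoted text. Assumes a /24-style boundary.
net_and_bcast() {
    prefix=${1%.*}
    echo "${prefix}.0 ${prefix}.255"
}

# Succeed only when the address differs from the one recorded in the state
# file, so repeated hook runs for one lease cause a single ruleset reload.
lease_changed() {
    [ -f "$2" ] && [ "$(cat "$2")" = "$1" ] && return 1
    echo "$1" > "$2"
}

# Constructed ifconfig output using documentation addresses, not a real capture.
sample='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        ether 00:00:5e:00:53:01'

state=$(mktemp)   # demo only; a real hook would use a root-owned path
ip=$(printf '%s\n' "$sample" | ip_from_ifconfig)
for run in 1 2 3 4; do   # the hook firing four times for one renewal
    if valid_ipv4 "$ip" && lease_changed "$ip" "$state"; then
        echo "run $run: address is $ip, rebuild rules for $(net_and_bcast "$ip")"
    else
        echo "run $run: no new valid address, ruleset left alone"
    fi
done
rm -f "$state"
```

Only the first of the four runs reports a rebuild; the state file should live where unprivileged users cannot write, since its contents decide whether the ruleset is refreshed.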