Date: Thu, 29 Sep 2005 04:10:33 -0500
From: "Travis H." <solinym@gmail.com>
To: Max Laier <max@love2party.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF in /etc/rc.d: some issues
Message-ID: <d4f1333a05092902104a37758@mail.gmail.com>
In-Reply-To: <200509221413.03576.max@love2party.net>
References: <20050922112017.GB16325@comp.chem.msu.su> <200509221413.03576.max@love2party.net>

I had a number of similar issues when dealing with DHCP interfaces back in the day.

The $variable substitution that pf currently does is sufficient for many cases, and the (ifc0) lookup helps with DHCP, but there are still corner cases.

For example, what does antispoof do regarding an interface with IP 0.0.0.0/32, as DHCP interfaces start out? What happens to antispoof rules if your DHCP IP changes due to lease expiration?

Writing a script which generates rules and feeds them to pfctl is pretty straightforward and I recommend it over a static file.
--
http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
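
A sketch of the rule-generating script the message recommends, added here as an example and not part of the original e-mail or of the FreeBSD rc.d scripts. The function names, the interface fxp0 in the usage note, the sample port 22 rule and the choice to leave antispoof out while the interface still holds 0.0.0.0 are all assumptions.

```shell
#!/bin/sh
# Added example: build pf rules from the address an interface holds right
# now, so a DHCP lease change is handled by regenerating and reloading.
# All function names and the sample rules are hypothetical.

# Succeed only for a dotted-quad string that is not the 0.0.0.0 placeholder
# a DHCP interface carries before it obtains a lease. Rejecting every other
# character also keeps stray text out of the generated ruleset.
usable_addr() {
    case "$1" in
        ""|0.0.0.0) return 1 ;;
        *[!0-9.]*)  return 1 ;;
        *.*.*.*.*)  return 1 ;;
        *.*.*.*)    return 0 ;;
        *)          return 1 ;;
    esac
}

# Print a ruleset for interface $1 whose current address is $2.
gen_rules() {
    ifc=$1 addr=$2
    echo "set skip on lo0"
    if usable_addr "$addr"; then
        # Lease present: emit antispoof and a sample rule bound to the address.
        echo "antispoof quick for $ifc inet"
        echo "block in on $ifc"
        echo "pass in on $ifc inet proto tcp to $addr port 22 keep state"
    else
        # No lease yet (assumed policy): leave antispoof out, block inbound.
        echo "block in on $ifc"
    fi
    echo "pass out on $ifc keep state"
}

# Read the first IPv4 address of interface $1 from ifconfig output.
current_addr() {
    ifconfig "$1" 2>/dev/null | awk '$1 == "inet" { print $2; exit }'
}

# Parse-check the generated rules with pfctl -n, then load them from stdin.
reload_pf() {
    rules=$(gen_rules "$1" "$(current_addr "$1")")
    printf '%s\n' "$rules" | pfctl -nf - && printf '%s\n' "$rules" | pfctl -f -
}
```

Calling `reload_pf fxp0` at boot and again from a lease-change hook regenerates the rules each time; the `pfctl -nf -` pass keeps a malformed ruleset from replacing the one already loaded.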