From owner-freebsd-questions  Thu Mar 28 21:58:24 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from samuelstn.dhs.org (h24-64-81-248.cg.shawcable.net [24.64.81.248])
	by hub.freebsd.org (Postfix) with SMTP id 9E7DC37B421
	for <freebsd-questions@freebsd.org>; Thu, 28 Mar 2002 21:58:20 -0800 (PST)
Received: (qmail 23829 invoked from network); 29 Mar 2002 05:58:19 -0000
Received: from celeron (192.168.1.6)
  by homeserver with SMTP; 29 Mar 2002 05:58:19 -0000
Date: Thu, 28 Mar 2002 22:56:21 -0700
From: Samuel Chow <cyschow@shaw.ca>
To: "James McNaughton" <jtm63@enteract.com>
Cc: sysadmin@st-james-snrgirls.w-london.sch.uk,
	freebsd-questions@freebsd.org
Subject: Re: Cable-modem, dynamic IP, NAT and IPFW
Message-Id: <20020328225621.0d7847f5.cyschow@shaw.ca>
In-Reply-To: <86zo0shulu.fsf@jamestown.21stcentury.net>
References: <LPBBIGIAAKKEOEJOLEGOKEEFCMAA.barbish@a1poweruser.com>
	<001e01c1d672$0b46f520$0a00000a@stjames.net>
	<02b701c1d674$ffcd9ca0$2784412f@ca.nortel.com>
	<003d01c1d676$111728e0$0a00000a@stjames.net>
	<86zo0shulu.fsf@jamestown.21stcentury.net>
X-Mailer: Sylpheed version 0.6.5 (GTK+ 1.2.10; i386--freebsd4.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, 28 Mar 2002 22:21:32 -0600
"James McNaughton" <jtm63@enteract.com> wrote:

> I've found that when the lease expires on my IP address I just keep
> getting the same one reassigned. So I've never developed strategy for
> updating the firewall rules on the fly like that.

	You do realize that you can specify source and target
	address using the 'me' keyword.  Also, you can specify
	the interface using the 'via' keyword.  With these two
	keywords, you don't have to have any IP addresses in
	your ipfw rules.

	For example,
	ipfw add 1000 allow udp from me to any 53 out via rl0
	ipfw add 1000 allow udp from any 53 to me in via rl0

---
Samuel Chow
cyschow@shaw.ca

Segmentation Fault (core dumped)
This message is displayed using recycled electrons.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message