From: Kris Kennaway
Date: Tue, 13 Jul 1999 22:16:32 +0930 (CST)
To: Stephen Hocking-Senior Programmer PGS Tensor Perth
Cc: hackers@freebsd.org
Subject: Re: Setting up a firewall with dynamic IPs
In-Reply-To: <199907130856.QAA12434@ariadne.tensor.pgs.com>

On Tue, 13 Jul 1999, Stephen Hocking-Senior Programmer PGS Tensor Perth wrote:

> I was checking out the firewall setup in /etc/rc.firewall, and noticed that
> the simple example relied on a fixed IP address for the external interface. I
> don't know ahead of time what IP address is going to be allocated to me before
> I dial up. Would it be possible to specify an interface (tun0) rather than an
> IP address?

You could probably do it from /etc/ppp/ppp.linkup, which knows your IP address
as MYADDR. But if you just have a single machine on the end of the dialup then
I find I can get away with just specifying the netmask from which the dialup
IPs are assigned in place of a single address - all that can happen is that
packets get through your firewall destined to a nonexistent address (i.e. if
you allow incoming port Y traffic then people can send to port Y on
nonexistent IP addresses (i.e. your peer addresses) which will be dropped by
the kernel).

Kris

-----
"Never criticize anybody until you have walked a mile in their shoes,
because by that time you will be a mile away and have their shoes."
    -- Unknown
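
The two approaches in the reply above, as an added example that is not part of the original message: a shell function that prints rc.firewall-style ipfw rules whose destination is either the single negotiated address (what ppp.linkup would pass as MYADDR) or the provider's dial-up pool. The function names, the 192.0.2.0/24 documentation addresses and the port numbers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print (not run) rc.firewall-style ipfw rules for a dial-up
# link whose address is assigned at connect time.

# valid_dest (hypothetical helper): accept a dotted quad with optional /prefix.
valid_dest() {
    addr=${1%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

# dialup_rules OIF DEST PORT...
#   OIF   outside interface, e.g. tun0
#   DEST  the negotiated address (MYADDR) or the dial-up pool as net/prefix
#   PORT  inbound TCP ports to allow
dialup_rules() {
    [ $# -ge 2 ] || { echo "usage: dialup_rules oif dest [port...]" >&2; return 1; }
    oif=$1 dest=$2
    shift 2
    valid_dest "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    # Replies on connections that are already open.
    echo "ipfw add pass tcp from any to any established"
    # New inbound connections only to the allowed ports. With a pool as DEST
    # this also matches addresses held by other dial-up peers; such packets
    # pass the filter and are then dropped because no local address matches.
    for port in "$@"; do
        echo "ipfw add pass tcp from any to $dest $port in via $oif setup"
    done
    # Every other inbound connection attempt on the outside interface.
    echo "ipfw add deny tcp from any to any in via $oif setup"
}

# Constructed sample values (documentation range, not from the message).
dialup_rules tun0 192.0.2.0/24 25 80   # pool approach: static rule set
dialup_rules tun0 192.0.2.57 25        # per-connection approach: MYADDR
```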