Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Jul 1999 09:03:32 -0400
From:      Keith Stevenson <k.stevenson@louisville.edu>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Setting up a firewall with dynamic IPs
Message-ID:  <19990713090332.A8897@homer.louisville.edu>
In-Reply-To: <Pine.OSF.4.10.9907132210380.2013-100000@bragg>; from Kris Kennaway on Tue, Jul 13, 1999 at 10:16:32PM %2B0930
References:  <199907130856.QAA12434@ariadne.tensor.pgs.com> <Pine.OSF.4.10.9907132210380.2013-100000@bragg>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jul 13, 1999 at 10:16:32PM +0930, Kris Kennaway wrote:
> On Tue, 13 Jul 1999, Stephen Hocking-Senior Programmer PGS Tensor Perth wrote:
> 
> > I was checking out the firewall setup in /etc/rc.firewall, and noticed that 
> > the simple example relied on a fixed IP address for the external interface. I 
> > don't know ahead of time what IP address is going to be allocated to me before 
> > I dial up. Would it be possible to specify an interface (tun0) rather than an 
> > IP address?
> 
> You could probably do it from /etc/ppp/ppp.linkup, which knows your IP address
> as MYADDR. But if you just have asingle machine on the end of the dialup then
> I find I can get away with just specifying the netmask from which the dialup
> IPs are assigned in place of a single address - all that can happen is that
> packets get through your firewall destined to a nonexistent address (i.e. if
> you allow incoming port Y traffic then people can send to port Y on
> nonexistent IP addresses (i.e. your peer addresses) which will be dropped by
> the kernel).

Keep in mind that if securelevel > 2, the ipfw rules can not be changed.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990713090332.A8897>