From owner-freebsd-questions  Mon Jun 19  1:50:41 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from athserv.otenet.gr (athserv.otenet.gr [195.170.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id AEA7737BC5C
	for <freebsd-questions@FreeBSD.ORG>; Mon, 19 Jun 2000 01:50:38 -0700 (PDT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from hades.hell.gr (patr530-b112.otenet.gr [195.167.121.240])
	by athserv.otenet.gr (8.10.1/8.10.1) with ESMTP id e5J8nrH10460;
	Mon, 19 Jun 2000 11:49:53 +0300 (EET DST)
Received: (from charon@localhost)
	by hades.hell.gr (8.10.2/8.10.2) id e5J9sJi02306;
	Mon, 19 Jun 2000 12:54:19 +0300 (EEST)
Date: Mon, 19 Jun 2000 12:54:18 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: The Clark Family <res03db2@gte.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Updating ipfw at dhcp induced ip address change.
Message-ID: <20000619125418.A2251@hades.hell.gr>
References: <20000619003156.A642@hades.hell.gr> <Pine.BSF.4.21.0006171503010.38057-100000@orthanc.dsl.gtei.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Description: Message text
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.21.0006171503010.38057-100000@orthanc.dsl.gtei.net>; from res03db2@gte.net on Sat, Jun 17, 2000 at 03:10:05PM -0700
X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Jun 17, 2000 at 03:10:05PM -0700, The Clark Family wrote:
> 
> I had read somewhere, that it was required to "bump" ipfw when an
> interface's address changes. NATD looks like it has a "dynamic"
> setting though.

I haven't seen anything like this written somewhere.  Oh, and ipfw has
worked fine on my ppp0 interface which changes IP address every time I
dial, without doing anything special.

The rules were simply there, with their 'in recv ppp0' or their 'out
xmit ppp0' conditions, and they worked every time I dialed out to my
Internet provider.

The only case where I can think of manual intervention as being
necessary with a finished ipfw setup is when you have rules that log
packets, and a logamount that limits how many times this rule will be
logged.  In such a case, after a while, you might have to run

	# ipfw zero

only to make sure that the hit count of every rule is zeroed again.
This does not mean that without "ipfw zero" the rule does not work,
though.  It does work, as long as it's there.  It simply does not log
rule hits any more to syslogd.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public key: finger keramida@ceid.upatras.gr


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message