Date:      Fri, 14 Jan 2005 21:08:56 +0100
From:      Saad Kadhi <saad@docisland.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: Dynamic IP and pf?
Message-ID:  <41E826D8.9000003@docisland.org>
In-Reply-To: <41E81FFB.4020808@xecu.net>
References:  <41E81FFB.4020808@xecu.net>

On 14/01/2005 20:39 Christopher McGee wrote:
> I have a cable modem that provides a dynamic IP address to the outside
> interface of my firewall (5.3 with PF doing NAT).  If my IP address
> changes I have to run a script to update my dynamic dns and reload my
> firewall rules based on the new IP address. Is there a recommended way
> of doing this other than having cron check to see if the IP address has
> changed?
The PF version integrated into 5.3 supports dynamic IPs by putting
parentheses around the interface name as explained in
http://www.openbsd.org/faq/pf/filter.html :
<excerpt>
The name of a network interface in parentheses ( ). This tells PF to 
update the rule if the IP address(es) on the named interface change. 
This is useful on an interface that gets its IP address via DHCP or 
dial-up as the ruleset doesn't have to be reloaded each time the address 
changes.
</excerpt>

For example:
my_if="hme0"
[...]
nat on $my_if proto tcp from any to any -> ($my_if)
[...]
pass in quick on $my_if proto tcp from any to ($my_if) port domain flags S/SAFR keep state

-- 
Saad Kadhi
"He who relieves the poor makes Ahura king"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E826D8.9000003>
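
Added example, not part of the original message: a small checker that scans a pf.conf-style ruleset for rules that still use a dynamic interface as an address without parentheses, which PF resolves once at load time. The sample ruleset and the function name are constructed for illustration; it assumes simple one-line macros and does not handle { } lists.

```python
import re

# Constructed sample ruleset (not from the original post); hme0 is the
# interface name used in the message above.
SAMPLE = '''\
my_if="hme0"
nat on $my_if proto tcp from any to any -> $my_if
nat on $my_if proto udp from any to any -> ($my_if)
pass in quick on $my_if proto tcp from any to ($my_if) port domain flags S/SAFR keep state
pass in on $my_if proto tcp from any to $my_if port ssh keep state
'''

MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?([^"#]*)"?')
MACRO_USE = re.compile(r'\$([A-Za-z_]\w*)')


def static_address_rules(text, dynamic_ifaces):
    """Return (line_no, keyword, iface) for each rule that uses a dynamic
    interface as an address without the (iface) form."""
    macros, findings = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()   # drop comments
        if not line:
            continue
        m = MACRO_DEF.match(line)
        if m:                                  # macro definition, remember it
            macros[m.group(1)] = m.group(2).strip()
            continue
        # Expand $macro references so "$my_if" and "hme0" are treated alike.
        expanded = MACRO_USE.sub(
            lambda u: macros.get(u.group(1), u.group(0)), line)
        tokens = expanded.split()
        for prev, tok in zip(tokens, tokens[1:]):
            # Only address positions matter; "on hme0" names the interface
            # itself and is unaffected by address changes.
            base = tok.split(':', 1)[0]        # hme0:network -> hme0
            if prev in ('from', 'to', '->') and base in dynamic_ifaces:
                findings.append((no, prev, base))
    return findings


if __name__ == '__main__':
    for no, kw, iface in static_address_rules(SAMPLE, {'hme0'}):
        print(f'line {no}: "{kw} {iface}" is fixed at load time; '
              f'use ({iface}) to follow address changes')
```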