From: Saad Kadhi
Organization: DocIsland
Date: Fri, 14 Jan 2005 21:08:56 +0100
To: freebsd-questions@freebsd.org
Subject: Re: Dynamic IP and pf?
Message-ID: <41E826D8.9000003@docisland.org>
In-Reply-To: <41E81FFB.4020808@xecu.net>

On 14/01/2005 20:39 Christopher McGee wrote:

> I have a cable modem that provides a dynamic IP address to the outside
> interface of my firewall (5.3 with PF doing NAT). If my IP address
> changes I have to run a script to update my dynamic dns and reload my
> firewall rules based on the new IP address. Is there a recommended way
> of doing this other than having cron check to see if the IP address has
> changed?

The PF version integrated into 5.3 supports dynamic IPs by putting
parentheses around the interface name, as explained in
http://www.openbsd.org/faq/pf/filter.html :

    The name of a network interface in parentheses ( ). This tells PF to
    update the rule if the IP address(es) on the named interface change.
    This is useful on an interface that gets its IP address via DHCP or
    dial-up as the ruleset doesn't have to be reloaded each time the
    address changes.

For example:

    my_if="hme0"
    [...]
    nat on $my_if proto tcp from any to any -> ($my_if)
    [...]
    pass in quick on $my_if proto tcp from any to ($my_if) port domain flags S/SAFR keep state

-- 
Saad Kadhi
"He who relieves the poor makes Ahura king"
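
Added example, not part of the original message: a small sh check that lists pf.conf rules where an interface is used as an address without parentheses, which are the rules that keep the old address after a DHCP change until the ruleset is reloaded. The function names and the sample ruleset are constructed for illustration, and the check only looks at a single name directly after from, to or ->.

```shell
#!/bin/sh
# Added example: find pf rules whose address is fixed at ruleset load time.

# stale_if_refs NAME FILE
# Prints "lineno:rule" for each rule where NAME or the macro $NAME follows
# "from", "to" or "->" directly. "(NAME)" is dynamic and is not reported.
# Exit status is grep's: 0 if something was found, 1 if not.
# Heuristic only: braces lists such as { $my_if, ... } are not inspected.
stale_if_refs() {
    iface=$1
    file=$2
    pat='(^|[[:space:]])(from|to|->)[[:space:]]+[$]?'"$iface"'([[:space:]:]|$)'
    # Drop comments first; sed keeps one output line per input line,
    # so the numbers printed by grep -n still match the file.
    sed 's/#.*$//' "$file" | grep -nE -e "$pat"
}

# write_sample FILE: constructed ruleset, static and dynamic forms side by side.
write_sample() {
    cat > "$1" <<'EOF'
my_if="hme0"
# address resolved once, when the ruleset is loaded
nat on $my_if proto tcp from any to any -> $my_if
nat on $my_if proto tcp from any to any -> ($my_if)
pass in quick on $my_if proto tcp from any to $my_if port domain flags S/SAFR keep state
pass in quick on $my_if proto tcp from any to ($my_if) port domain flags S/SAFR keep state
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
stale_if_refs my_if "$tmp"
rm -f "$tmp"
```

Run it against the real file as `stale_if_refs my_if /etc/pf.conf`; each reported line is a candidate for the parenthesized form described in the message.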