From: Christopher McGee
Date: Fri, 14 Jan 2005 15:23:27 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Dynamic IP and pf?
Message-ID: <41E82A3F.9000903@xecu.net>
In-Reply-To: <41E826D8.9000003@docisland.org>
References: <41E81FFB.4020808@xecu.net> <41E826D8.9000003@docisland.org>

Saad Kadhi wrote:

> On 14/01/2005 20:39 Christopher McGee wrote:
>
>> I have a cable modem that provides a dynamic IP address to the
>> outside interface of my firewall (5.3 with PF doing NAT). If my IP
>> address changes I have to run a script to update my dynamic dns and
>> reload my firewall rules based on the new IP address. Is there a
>> recommended way of doing this other than having cron check to see if
>> the IP address has changed?
>
> the PF version integrated into 5.3 supports dynamic IPs by putting
> parentheses around the interface name as explained in
> http://www.openbsd.org/faq/pf/filter.html :
>
> The name of a network interface in parentheses ( ). This tells PF to
> update the rule if the IP address(es) on the named interface change.
> This is useful on an interface that gets its IP address via DHCP or
> dial-up as the ruleset doesn't have to be reloaded each time the
> address changes.
>
>
> for example :
> my_if="hme0"
> [...]
> nat on $my_if proto tcp from any to any -> ($my_if)
> [...]
> pass in quick on $my_if proto tcp from any to ($my_if) port domain
> flags S/SAFR keep state
>

I have set up my pf ruleset using the parentheses. I didn't realize it
would auto update them. I thought I would still need to reload the
rules so that it re-reads the interface IP. I still have the dilemma of
dynamic dns and a couple of other scripts that I run, based on the IP,
that will require being run if the IP ever changes. I'm thinking there
should be something I can do in /etc/dhclient.conf maybe to run them?

Chris
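
One way to run the IP-dependent scripts only when the lease address really changes is a dhclient exit hook. The sketch below is an added example, not part of the original message: it is written for `/etc/dhclient-exit-hooks`, which `dhclient-script` sources after each lease event with `$reason` and `$new_ip_address` set. The `DDNS_UPDATE` and `STATE_FILE` paths are hypothetical.

```sh
#!/bin/sh
# Added example for /etc/dhclient-exit-hooks. dhclient-script sources this
# file after each lease event with $reason and $new_ip_address set.
# DDNS_UPDATE and STATE_FILE are hypothetical paths; adjust to your setup.
DDNS_UPDATE="${DDNS_UPDATE:-/usr/local/sbin/update-ddns.sh}"
STATE_FILE="${STATE_FILE:-/var/db/dhclient-last-ip}"

# The address comes from the DHCP server, so treat it as untrusted input:
# accept only a dotted quad before handing it to scripts that run as root.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _rest="$1."; _n=0
    while [ -n "$_rest" ]; do
        _o="${_rest%%.*}"; _rest="${_rest#*.}"; _n=$((_n + 1))
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    [ "$_n" -eq 4 ]
}

# True only when this event assigned a valid address that differs from the
# last one the update script was successfully run for.
address_changed() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 1 ;;   # EXPIRE, FAIL, PREINIT, ...: nothing to publish
    esac
    is_ipv4 "$2" || return 1
    _last=""
    if [ -r "$STATE_FILE" ]; then read -r _last < "$STATE_FILE" || true; fi
    [ "$_last" != "$2" ]
}

on_lease_event() {
    address_changed "$1" "$2" || return 0
    # On failure keep the old state so the next lease event retries.
    "$DDNS_UPDATE" "$2" || return 1
    printf '%s\n' "$2" > "$STATE_FILE"
}

on_lease_event "${reason:-}" "${new_ip_address:-}"
```

Because the pf rules use `($my_if)`, the hook does not need to reload the ruleset; it only has to drive the dynamic DNS update and any other scripts that take the address as an argument.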