Date: Fri, 14 Jan 2005 14:50:03 -0600 From: Eric F Crist <ecrist@secure-computing.net> To: Christopher McGee <chris@xecu.net> Cc: freebsd-questions@freebsd.org Subject: Re: Dynamic IP and pf? Message-ID: <DD8BB392-666D-11D9-9A7E-000D9333E43C@secure-computing.net> In-Reply-To: <41E81FFB.4020808@xecu.net> References: <41E81FFB.4020808@xecu.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-1-727068695 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On Jan 14, 2005, at 1:39 PM, Christopher McGee wrote: > I have a cable modem that provides a dynamic IP address to the outside > interface of my firewall(5.3 with PF doing NAT). If my IP address > changes I have to run a script to update my dynamic dns and reload my > firewall rules based on the new IP address. Is there a recommended way > of doing this other than having cron check to see if the IP addresss > has changed? > > Thanks, > Chris If you use ipfw for firewalling, try using the 'me' keyword, instead of an actual IP address. For example, I use a similar line to: ipfw add 100 deny ip from any 137-139 to me in via vr0 This line says to deny all IP traffic, from anyone, to ports 137, 138, and 139, destined for me, that is incoming on interface vr0. This means, barring any other rules, that traffice coming in on vr1 will still be accepted. HTH _______________________________________________________ Eric F Crist "I am so smart, S.M.R.T!" Secure Computing Networks -Homer J Simpson --Apple-Mail-1-727068695 content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig content-description: This is a digitally signed message part content-disposition: inline; filename=PGP.sig content-transfer-encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iEYEARECAAYFAkHoMHwACgkQRAAY9knOW+rfqwCeKEllhTOh5B/vgPyEHxarKcnB iVcAn0TV5HqIKmKxFQdsygEECe1oruWV =q32i -----END PGP SIGNATURE----- --Apple-Mail-1-727068695--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DD8BB392-666D-11D9-9A7E-000D9333E43C>