Date: Sun, 27 Feb 2000 18:05:05 +1100 From: "Andrew Reilly" <areilly@nsw.bigpond.net.au> To: Jim Bloom <bloom@acm.org> Cc: freebsd-current@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: Re: cpp change breaks ipfw Message-ID: <20000227180504.A255@gurney.reilly.home> In-Reply-To: <38B8BAC5.9927A56E@acm.org> References: <38B8BAC5.9927A56E@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 27, 2000 at 12:48:53AM -0500, Jim Bloom wrote: > I have been using cpp on my firewall to expand my local firewall rules and fill > in the local address and subnetmask. This makes things easier my ISP decides to > change my IP address using DHCP. My firewall is running an approximately one > year old version of current and I'm trying to upgrade it to a recent version. Probably not the answer you're looking for, but another approach to consider: I worked around this problem by having the dhclient-exit-hooks script edit the new address into /etc/hosts, and ipfw uses the symbolic name for the rule. Works quite nicely, but then I don't have any rules that rely on the DHCP-supplied netmask. And here's a picture: if [ x$new_ip_address != x ]; then cp /etc/hosts /tmp/hosts-foo sed -e /gurney-/d /tmp/hosts-foo >/etc/hosts echo "$new_ip_address gurney-gw.reilly.home gurney-gw" >>/etc/hosts echo "$new_routers gurney-router.reilly.home gurney-router" >>/etc/hosts echo "$new_domain_name_servers gurney-ns.reilly.home gurney-ns" >>/etc/ hosts rm /tmp/hosts-foo fi I dare say that this would work less well if you were using a local DNS. Maybe m4 (instead of cpp) is the right way to do it? -- Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000227180504.A255>