Date:      Mon, 7 Jul 2003 14:04:25 -0700
From:      James Long <james_mapson@umpquanet.com>
To:        Dirk-Willem van Gulik <dirkx@webweaving.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Symbolic names for (ethernet) interfaces
Message-ID:  <20030707140425.A30539@ns.museum.rain.com>
In-Reply-To: <20030707222807.V47890-100000@foem>; from dirkx@webweaving.org on Mon, Jul 07, 2003 at 10:29:58PM +0200
References:  <20030707222807.V47890-100000@foem>

On Mon, Jul 07, 2003 at 10:29:58PM +0200, Dirk-Willem van Gulik wrote:
> 
> How does one specify a 'symbolic' name for an ethernet interface; i.e. be
> able to refer to rl0, vx1 or ep0 by a name like 'net0, net1' or 'net2'.
> 
> With net1 et al. tied to a specific PCI slot or card MAC address. So that
> it becomes easier to write HW independent rc.conf or zebra.conf files.

Consider this snippet of my rc.conf, wherein I declare my outside
interface as symbolic name ${oif} and my inside interface as ${iif}.
Where I define iif or oif you might choose to define net0 or net1
instead.


oif="dc0"
oip="206.29.169.27"
omask="255.255.255.0"

iif="tl0"
iip="206.29.168.233"
imask="255.255.255.248"

eval ifconfig_${oif}="\"inet ${oip} netmask ${omask}\""
eval ifconfig_${iif}="\"inet ${iip} netmask ${imask}\""
# eval ifconfig_${iif}="\"DHCP\""


Then I can source rc.conf in my firewall script, and say stuff like
you see below, and if I ever have to change IPs (or more likely, I
clone the script to set up another machine), I just edit rc.conf.

#!/usr/local/bin/bash

# Suck in the configuration variables oif, oip, iif, iip, imask
if [ -f /etc/defaults/rc.conf ]; then
  echo Reading /etc/defaults/rc.conf
  . /etc/defaults/rc.conf
  source_rc_confs
fi

  fw="/sbin/ipfw"

# inside network
  inet="${iip}:${imask}"

...

  ${fw} add deny log all from 127.0.0.0/8 to any via ${oif}
  ${fw} add deny log all from 127.0.0.0/8 to any via ${iif}
  ${fw} add deny log all from any to 127.0.0.0/8 via ${oif}
  ${fw} add deny log all from any to 127.0.0.0/8 via ${iif}

  ${fw} add allow all from any to any via lo0

  ${fw} add deny log all from ${inet} to any recv ${oif}
  ${fw} add deny log all from not ${inet} to any recv ${iif}

...

#   Allow DHCP on internal interface
  ${fw} add allow udp from any to any 67-68 via ${iif}


###########################
#
#  NAT
#
###########################

  ${fw} add divert natd ip from any to any via ${oif}


(etc.)
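
The rc.conf snippet above builds the variable name ifconfig_${oif} with eval, and the firewall script then trusts ${oif} and ${iif} in every rule. The following is an added example, not part of the original message: it performs the same indirection but validates each value before it reaches eval. The helper names (valid_ifname, valid_ipv4, set_ifconfig, get_ifconfig) are hypothetical, and the interface-name pattern is an assumption based on the names mentioned in the thread.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample values are from the message.

# Accept only names shaped like rl0, vx1, ep0: lowercase letters and digits,
# starting with a letter and ending with a unit digit (assumed pattern).
valid_ifname() {
  case "$1" in
    ''|*[!a-z0-9]*) return 1 ;;
    [a-z]*[0-9])    return 0 ;;
    *)              return 1 ;;
  esac
}

# Accept only dotted quads with exactly four octets in 0..255.
valid_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; only digits and dots remain at this point
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Define ifconfig_<ifname> as the rc.conf snippet does, after checking every field.
set_ifconfig() {       # usage: set_ifconfig <ifname> <ip> <netmask>
  valid_ifname "$1" || { echo "bad interface name: '$1'" >&2; return 1; }
  valid_ipv4 "$2"   || { echo "bad address: '$2'" >&2; return 1; }
  valid_ipv4 "$3"   || { echo "bad netmask: '$3'" >&2; return 1; }
  eval "ifconfig_$1=\"inet \$2 netmask \$3\""
}

# Read ifconfig_<ifname> back by its symbolic name.
get_ifconfig() {
  valid_ifname "$1" || return 1
  eval "printf '%s\n' \"\${ifconfig_$1}\""
}

oif="dc0"; oip="206.29.169.27"; omask="255.255.255.0"
set_ifconfig "$oif" "$oip" "$omask" && get_ifconfig "$oif"
```

A firewall script that sources rc.conf can call valid_ifname on ${oif} and ${iif} before its first ipfw rule and stop if either is empty or malformed, so a bad edit to rc.conf does not leave the rule set half-loaded.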


