Date:      Tue, 10 Apr 2007 15:26:36 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        "J.D. Bronson" <jbronson-freebsd@sixcompanies.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfilter and DHCP
Message-ID:  <44mz1gqbdf.fsf@be-well.ilk.org>
In-Reply-To: <200704101334.l3ADY1MJ006807@shadow.sixcompanies.com> (J. D. Bronson's message of "Tue\, 10 Apr 2007 08\:34\:51 -0500")
References:  <200704101334.l3ADY1MJ006807@shadow.sixcompanies.com>

"J.D. Bronson" <jbronson-freebsd@sixcompanies.com> writes:

> Ok...what do you guys do to handle a change of IP/network via DHCP
> with ipfilter?
>
> I have been told that if my IP changes while the machine is up and
> running that ipfilter WON'T see this change and needs to be
> told...supposedly it only reads the IP when it starts itself.
>
> If this is true, is there any easy way to fix this?
> I run ipcheck.py and that can invoke a script if needed if it notices
> an IP changed....
>
> ipnat.conf:
> map bge1 192.43.82.0/24 -> 0/32 proxy port ftp ftp/tcp
> map bge1 192.43.82.0/24 -> 0/32 portmap tcp/udp auto
> map bge1 192.43.82.0/24 -> 0/32
>
> rdr bge1 0.0.0.0/0 port 25 -> 192.43.82.170 port 25
>
>
> I presume if it reads the IP and fills in the '0/32' + '0.0.0.0/0'
> values at startup...having my IP change could be disastrous.

When your IP changes, you can have dhclient trigger a script of your
choosing.  You can use that to alter your firewall rules.

There are probably other approaches too.
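
One way to wire up the dhclient hook described in the reply, as an added example that is not part of the original message. It is written as contents for /etc/dhclient-exit-hooks, which FreeBSD's dhclient-script sources after each lease event; the interface name bge1 comes from the quoted ipnat.conf, while the /etc/ipnat.conf path, the RUN dry-run variable and the function names are assumptions.

```shell
# /etc/dhclient-exit-hooks (added example). dhclient-script sources this
# file, so it must not call "exit". dhclient-script provides $reason,
# $interface, $old_ip_address and $new_ip_address.

NAT_IF="${NAT_IF:-bge1}"                     # external interface in ipnat.conf
IPNAT_CONF="${IPNAT_CONF:-/etc/ipnat.conf}"  # assumed rules location
RUN="${RUN:-}"                               # set RUN=echo for a dry run

# Return 0 only when this lease event changed the address on NAT_IF.
# Arguments: reason, interface, old address, new address.
lease_changed() {
    [ "$2" = "$NAT_IF" ] || return 1
    case "$1" in
        # A fresh or re-acquired lease: treat the address as new.
        BOUND|REBOOT) return 0 ;;
        # Renewals normally keep the address; reload only if it differs.
        RENEW|REBIND) [ -n "$4" ] && [ "$3" != "$4" ] ;;
        *) return 1 ;;
    esac
}

# Resync ipfilter's view of the interfaces, then replace the NAT rules:
# -C clears the current rules, -F flushes active (now stale) mappings,
# -f loads the rule file again.
reload_ipfilter() {
    $RUN ipf -y && $RUN ipnat -CF -f "$IPNAT_CONF"
}

if lease_changed "${reason:-}" "${interface:-}" \
        "${old_ip_address:-}" "${new_ip_address:-}"; then
    logger -t dhclient-hook \
        "$interface: ${old_ip_address:-none} -> $new_ip_address, reloading ipnat"
    reload_ipfilter || logger -t dhclient-hook "ipnat reload FAILED"
fi
```

Running it once by hand with RUN=echo and the variables set shows the commands it would issue without touching the live rule set.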


