From owner-freebsd-security  Fri Dec 28 12:34:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ke7hc.net (12-225-238-179.client.attbi.com [12.225.238.179])
	by hub.freebsd.org (Postfix) with ESMTP id 9953937B428
	for <freebsd-security@freebsd.org>; Fri, 28 Dec 2001 12:34:06 -0800 (PST)
Received: (from phils@localhost)
	by ke7hc.net (8.11.6/8.11.6) id fBSKXUe43912;
	Fri, 28 Dec 2001 12:33:30 -0800 (PST)
	(envelope-from phils)
Date: Fri, 28 Dec 2001 12:33:30 -0800
From: Phil Staub <phils@ke7hc.net>
To: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
Cc: freebsd-security@freebsd.org
Subject: Re: ipfw with DHCP [was: Re: ipfw by MAC]
Message-ID: <20011228123330.B43549@ke7hc.net>
Reply-To: phils@ke7hc.net
References: <Pine.LNX.4.21.0112271901160.15564-100000@ocis.ocis.net> <20011227231154.M2090@blossom.cjclark.org> <20011228114927.A43549@ke7hc.net> <20011228212733.4dc0d79d.kzaraska@student.uci.agh.edu.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011228212733.4dc0d79d.kzaraska@student.uci.agh.edu.pl>; from kzaraska@student.uci.agh.edu.pl on Fri, Dec 28, 2001 at 09:27:33PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Thanks, Krzysztof. I has assumed it would probably just be a matter of
knowing how to get around specifying the IP addresses in the
rules. This provides the examples I needed.

Phil

On Fri, Dec 28, 2001 at 09:27:33PM +0100, Krzysztof Zaraska wrote:
> On Fri, 28 Dec 2001 11:49:28 -0800 Phil Staub wrote:
> 
> > 
> > On Thu, Dec 27, 2001 at 11:11:54PM -0800, Crist J . Clark wrote:
> > > On Thu, Dec 27, 2001 at 07:02:02PM -0800, John F Cuzzola wrote:
> > > > 
> > > > Hi there,
> > > > 
> > > > Does the latest version of FreeBSD allow you to create ipfw rules
> based
> > > > on MAC address instead of IP?
> > > 
> > > No.
> > 
> > This sort of prompts a question I've been wondering about since the
> > @Home->attbi.com transition: Has anyone addressed the issue of
> > configuring a firewall with a DHCP-assigned outside IP address?
> /.../
> 
> Take a look at this: 
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/articles/dialup-firewall/rules.html
> 
> This setup could be a good staring point -- the author seems to be
> filtering mostly on interface basis so changing IP should not be a
> problem. 
> 
> Hope it helps
> 
> Krzysztof

-- 
Phil Staub, KE7HC
phils@ke7hc.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message