Date: Wed, 30 May 2001 22:48:42 -0400
From: Doug Lee <dgl@visi.com>
To: Chuck Rouillard <chuckr@opus.sandiegoca.ncr.com>
Cc: Jason Borkowsky <jcborkow@tcpns.com>, questions@FreeBSD.ORG
Subject: Re: DHCP and IPFW
Message-ID: <20010530224842.B33752@kirk.sector14.net>
In-Reply-To: <Pine.BSF.4.31.0105301604250.40943-100000@opus.sandiegoca.ncr.com>; from chuckr@opus.sandiegoca.ncr.com on Wed, May 30, 2001 at 04:27:40PM -0700
References: <Pine.BSF.4.21.0105301411440.44433-100000@bemused.tcpns.com> <Pine.BSF.4.31.0105301604250.40943-100000@opus.sandiegoca.ncr.com>

FWIW, I use the following code at the top of my equivalent of
/etc/rc.firewall. The point is to automate the retrieval of as much
info as possible. When this block is done, $iif/$oif (manually set)
are the interfaces, $iip/$oip the ips, and $imask/$omask the netmasks,
per usual. $inet/$onet are the full net specs (basically $inet/$onet
from rc.firewall plus $imask/$omask as appropriate). $iIsNotSubnet
and $oIsNotSubnet indicate whether the internal/external interfaces
are single ips or subnets. Finally, $oif can be specified on the
command line of the shell script from which I'm drawing this code, in
which case all the $o... variables come from that interface. This
lets me do something like
    sh /etc/rc.firewall tun0
to quickly realign the firewall around a PPP link, say, when my
high-speed link goes down.

# Suck in the configuration variables (this block is straight from rc.firewall).
if [ -r /etc/defaults/rc.conf ]; then
        . /etc/defaults/rc.conf
        source_rc_confs
elif [ -r /etc/rc.conf ]; then
        . /etc/rc.conf
fi

# Get the specs on the inside interface.
iif=dc0
iip=`ifconfig "$iif" inet | awk '/inet/ {print $2;}'`
iIsNotSubnet=
# A point-to-point interface (POINTOPOINT flag) is treated as a single ip.
if [ "`ifconfig "$iif" | grep TOPOINT`" ]; then
        iIsNotSubnet=1
fi
if [ "$iIsNotSubnet" ]; then
        imask=255.255.255.255
        inet=${iip}
else
        imask=`ifconfig "$iif" inet | awk '/inet/ {print $4;}'`
        inet=${iip}:${imask}
fi

# Get the specs on the external interface.
# The interface name can be passed to this script; useful for ppp links.
if [ "x$1" != "x" ]; then
        oif=$1
else
        oif=ed0
fi
# Quote the name: it may come from the command line.
oip=`ifconfig "$oif" inet | awk '/inet/ {print $2;}'`
oIsNotSubnet=1  # NOTE: explicitly set as single ip
if [ "`ifconfig "$oif" | grep TOPOINT`" ]; then
        oIsNotSubnet=1
fi
if [ "$oIsNotSubnet" ]; then
        omask=255.255.255.255
        onet=${oip}
else
        omask=`ifconfig "$oif" inet | awk '/inet/ {print $4;}'`
        onet=${oip}:${omask}
fi

On Wed, May 30, 2001 at 04:27:40PM -0700, Chuck Rouillard wrote:
>
>
> [snip]
>
> I'm guessing IP changes are central to this question.
> If so, configure your ruleset(s) using variables. For
> example:
>
> oif="ed0"
> iif="ed1"
> dns0="xxx.xxx.xxx.xxx"
> dns1="yyy.yyy.yyy.yyy"
>
> and possibly:
>
> dhcp0="zzz.zzz.zzz.zzz"
> ...
>
> Then, specify interfaces and IPs like ${oif}, ${iif},
> and ${dns0} in your ruleset(s).
>
>
> .cr
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
--
Doug Lee dgl@visi.com http://www.visi.com/~dgl
Bartimaeus Group doug@bartsite.com http://www.bartsite.com
"I before E, except after C, or when sounded like A, as in neighbor
and weigh, except for when weird foreign concierges seize neither
leisure nor science from the height of society."
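
The interface lookup described in the message above, as an added example that is not part of the original message or of rc.firewall: it checks the interface name given on the command line before it reaches ifconfig, and refuses to produce a net spec when the interface has no address yet (for instance before DHCP has configured it), so rules are not built around an empty $oip. The function names, the interface-name pattern and the sample ifconfig output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Sample ifconfig output is constructed.
SAMPLE_ETHER='dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'
SAMPLE_PPP='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    inet 198.51.100.1 --> 198.51.100.2 netmask 0xffffffff'
SAMPLE_NOADDR='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500'

# valid_ifname NAME: assumed policy, lowercase letters/digits ending in a unit number.
valid_ifname() {
    case "$1" in
        ""|*[!a-z0-9]*) return 1 ;;
        [a-z]*[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# hex2quad MASK: 0xffffff00 -> 255.255.255.0; a dotted mask passes through.
hex2quad() {
    case "$1" in
        0x*) m=$(( $1 ))
             echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))" ;;
        *) echo "$1" ;;
    esac
}

# iface_spec: read `ifconfig IF inet` output on stdin, print "ip mask net".
# Returns 1 when there is no inet line, i.e. the interface has no address yet.
iface_spec() {
    out=$(cat)
    ip=$(printf '%s\n' "$out" | awk '$1 == "inet" {print $2; exit}')
    [ -n "$ip" ] || return 1
    if printf '%s\n' "$out" | grep -q POINTOPOINT; then
        mask=255.255.255.255          # single address, as in the script above
        net=$ip
    else
        raw=$(printf '%s\n' "$out" | awk '$1 == "inet" {
            for (i = 3; i < NF; i++) if ($i == "netmask") { print $(i + 1); exit } }')
        mask=$(hex2quad "$raw")
        net=$ip:$mask
    fi
    echo "$ip $mask $net"
}

# Live use (commented out so the block runs offline):
#   valid_ifname "$1" || { echo "bad interface name" >&2; exit 1; }
#   spec=$(ifconfig "$1" inet | iface_spec) || { echo "no address on $1" >&2; exit 1; }
printf '%s\n' "$SAMPLE_PPP" | iface_spec   # prints: 198.51.100.1 255.255.255.255 198.51.100.1
```

On a point-to-point link the fourth field of the inet line is the peer address rather than a netmask, which is why that case is handled separately.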
