Date: Fri, 14 Jan 2005 15:23:27 -0500
From: Christopher McGee <chris@xecu.net>
To: freebsd-questions@freebsd.org
Subject: Re: Dynamic IP and pf?
Message-ID: <41E82A3F.9000903@xecu.net>
In-Reply-To: <41E826D8.9000003@docisland.org>
References: <41E81FFB.4020808@xecu.net> <41E826D8.9000003@docisland.org>

Saad Kadhi wrote:

> On 14/01/2005 20:39 Christopher McGee wrote:
>
>> I have a cable modem that provides a dynamic IP address to the
>> outside interface of my firewall (5.3 with PF doing NAT). If my IP
>> address changes I have to run a script to update my dynamic dns and
>> reload my firewall rules based on the new IP address. Is there a
>> recommended way of doing this other than having cron check to see if
>> the IP address has changed?
>
> the PF version integrated into 5.3 supports dynamic IPs by putting
> parentheses around the interface name as explained in
> http://www.openbsd.org/faq/pf/filter.html :
> <excerpt>
> The name of a network interface in parentheses ( ). This tells PF to
> update the rule if the IP address(es) on the named interface change.
> This is useful on an interface that gets its IP address via DHCP or
> dial-up as the ruleset doesn't have to be reloaded each time the
> address changes.
> </excerpt>
>
> for example :
> my_if="hme0"
> [...]
> nat on $my_if proto tcp from any to any -> ($my_if)
> [...]
> pass in quick on $my_if proto tcp from any to ($my_if) port domain
> flags S/SAFR keep state
>

I have set up my pf ruleset using the parentheses. I didn't realize it
would auto update them. I thought I would still need to reload the
rules so that it re-reads the interface IP. I still have the dilemma of
dynamic dns and a couple of other scripts that I run, based on the IP,
that will require being run if the IP ever changes. I'm thinking there
should be something I can do in /etc/dhclient.conf maybe to run them?

Chris