Date: Fri, 15 Jun 2001 16:53:02 -0500
From: Shaun Marko <shaun.marko@gte.net>
To: "Peter Brezny" <peter@sysadmin-inc.com>
Cc: freebsd-net@freebsd.org
Subject: Re: how to find dhclient ip for use in ipfw ruleset?
Message-ID: <01061517230003.00821@shaggy.doo.com>
In-Reply-To: <MFEFLELMIJGKDKPCJHAFIEJDCDAA.peter@sysadmin-inc.com>
References: <MFEFLELMIJGKDKPCJHAFIEJDCDAA.peter@sysadmin-inc.com>

I wrote an /etc/dhclient-exit-hooks script that writes out the interface
configuration to a file and changed /etc/rc.conf to suck in the
configuration file. It looks something like this:

    # dhclient sets ${reason}, ${interface} and the ${new_*} lease values
    case ${reason} in
      BOUND | REBOOT | RENEW)
        echo "oif=${interface}" > /etc/oif
        echo "oip=${new_ip_address}" >> /etc/oif
        echo "omask=${new_subnet_mask}" >> /etc/oif
        echo "onet=${new_network_number}" >> /etc/oif
        ;;
    esac

Take a look at dhclient-script(8) for details of the optional exit and
enter hooks scripts.

The real trick is reconfiguring the firewall if the interface
configuration changes while you are up and running. If this happens, I
suppose you could also use the exit hooks script to down the outside
interface, rewrite the ipfw rules, and re-up the interface.

-Shaun

On Fri, 15 Jun 2001, Peter Brezny wrote:
> How can you place a dynamically assigned dhclient ip address into an ipfw
> ruleset?
>
> I've gotten used to writing rules based on external interface ip addresses
> and network ranges, however, now I'd like to write a ruleset that would work
> to firewall a small network behind a dsl router with a dynamically assigned
> ip.
>
> I've gotten dhclient working, but I'm stumped as to how to get the
> dynamically assigned ip address into the ruleset.
>
> TIA
>
> Peter Brezny
> SysAdmin Services Inc.
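
The exit hook described in the message above, as an added example that is not part of the original post: because /etc/oif is later read in by a root shell, this variant checks every lease value before writing, replaces the file atomically, and reports whether the lease actually changed so the firewall is only reloaded when needed. The function names and the OIF_FILE override are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: hardened variant of the exit hook described in the post.
# OIF_FILE defaults to the post's /etc/oif; the override is for testing.
OIF_FILE="${OIF_FILE:-/etc/oif}"

# Return 0 only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Interface names: letters and digits only (for example ed0, fxp0).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
}

# Write the lease to OIF_FILE atomically.
# Returns 0 = file changed (firewall needs reloading), 1 = unchanged,
# 2 = rejected input or temp-file failure (existing file left untouched).
update_oif() {
    valid_ifname "$1" && valid_ipv4 "$2" && valid_ipv4 "$3" &&
        valid_ipv4 "$4" || return 2
    tmp=$(mktemp "${OIF_FILE}.XXXXXX") || return 2
    printf 'oif=%s\noip=%s\nomask=%s\nonet=%s\n' "$1" "$2" "$3" "$4" > "$tmp"
    if [ -f "$OIF_FILE" ] && cmp -s "$tmp" "$OIF_FILE"; then
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$OIF_FILE"
}

# Hook body: dhclient sets these variables before running the hook.
case "${reason:-}" in
    BOUND|REBOOT|RENEW)
        oif_status=0
        update_oif "${interface:-}" "${new_ip_address:-}" \
            "${new_subnet_mask:-}" "${new_network_number:-}" || oif_status=$?
        # oif_status 0 is the cue to rewrite the ipfw rules; 2 means the
        # lease values were refused and the previous file is still in place.
        ;;
esac
```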