Date:      Fri, 15 Jun 2001 16:53:02 -0500
From:      Shaun Marko <shaun.marko@gte.net>
To:        "Peter Brezny" <peter@sysadmin-inc.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: how to find dhclient ip for use in ipfw ruleset?
Message-ID:  <01061517230003.00821@shaggy.doo.com>
In-Reply-To: <MFEFLELMIJGKDKPCJHAFIEJDCDAA.peter@sysadmin-inc.com>
References:  <MFEFLELMIJGKDKPCJHAFIEJDCDAA.peter@sysadmin-inc.com>

I wrote an /etc/dhclient-exit-hooks script that writes out the interface
configuration to a file and changed /etc/rc.conf to suck in the
configuration file. It looks something like this:

case ${reason} in
BOUND | REBOOT | RENEW)
    echo "oif=${interface}" > /etc/oif
    echo "oip=${new_ip_address}" >> /etc/oif
    echo "omask=${new_subnet_mask}" >> /etc/oif
    echo "onet=${new_network_number}" >> /etc/oif
    ;;
esac

Take a look at dhclient-script(8) for details of the optional exit and enter
hooks scripts.

The real trick is reconfiguring the firewall if the interface configuration
changes while you are up and running. If this happens, I suppose you could
also use the exit hooks script to down the outside interface, rewrite the ipfw
rules, and re-up the interface. 

-Shaun

On Fri, 15 Jun 2001, Peter Brezny wrote:
> How can you place a dynamically assigned dhclient ip address into an ipfw
> ruleset?
> 
> I've gotten used to writing rules based on external interface ip addresses
> and network ranges, however, now I'd like to write a ruleset that would work
> to firewall a small network behind a dsl router with a dynamically assigned
> ip.
> 
> I've gotten dhclient working, but I'm stumped as to how to get the
> dynamically assigned ip address into the ruleset.
> 
> TIA
> 
> Peter Brezny
> SysAdmin Services Inc.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
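
The hook described above with the lease values validated before they are written, as an added example that is not part of the original post: /etc/oif is read by rc.conf as shell, so each value is checked against a strict pattern, the file is replaced by rename, and the firewall is reloaded only when the contents change. It goes beyond the post's snippet by also handling REBIND; OIF_FILE, FW_RELOAD and the reload command are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. OIF_FILE and FW_RELOAD are
# assumed names; dhclient-script(8) sets reason, interface and new_* itself.
OIF_FILE="${OIF_FILE:-/etc/oif}"
FW_RELOAD="${FW_RELOAD:-sh /etc/rc.firewall}"   # assumed reload command

# Succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for names made of letters, digits, '_' and '.'.
is_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
    esac
}

# write_oif IF IP MASK NET
# Returns 0 if OIF_FILE changed, 1 if unchanged, 2 if a value was rejected
# or the file could not be written.
write_oif() {
    is_ifname "$1" && is_ipv4 "$2" && is_ipv4 "$3" && is_ipv4 "$4" || return 2
    tmp="${OIF_FILE}.$$"
    printf 'oif=%s\noip=%s\nomask=%s\nonet=%s\n' "$1" "$2" "$3" "$4" > "$tmp" || return 2
    if cmp -s "$tmp" "$OIF_FILE"; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$OIF_FILE"    # rename, so rc.conf never reads a half-written file
}

# Hook body: runs only when dhclient-script has set $reason.
case "${reason:-}" in
BOUND|RENEW|REBIND|REBOOT)
    if write_oif "$interface" "$new_ip_address" "$new_subnet_mask" "$new_network_number"; then
        $FW_RELOAD    # lease values changed: reload the ipfw rules
    fi
    ;;
esac
```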
