From owner-freebsd-security Fri Oct 13 4:45:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id C89D737B502 for ; Fri, 13 Oct 2000 04:45:45 -0700 (PDT) Received: (qmail 29242 invoked by uid 1001); 13 Oct 2000 11:45:48 -0000 Date: Fri, 13 Oct 2000 14:45:48 +0300 From: Peter Pentchev To: Milo Bloom Cc: redwards@meccamediagroup.com, freebsd-security@FreeBSD.ORG Subject: Re: Dynamic rc.firewall Message-ID: <20001013144548.C17444@ringwraith.office1.bg> References: <20001013131528.A17444@ringwraith.office1.bg> <5.0.0.25.2.20001013032255.00a8ee40@127.0.0.1> <20001013131528.A17444@ringwraith.office1.bg> <20001013132743.B17444@ringwraith.office1.bg> <3.0.5.32.20001013073440.009093f0@pop-server.cinci.rr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3.0.5.32.20001013073440.009093f0@pop-server.cinci.rr.com>; from mbloom@cinci.rr.com on Fri, Oct 13, 2000 at 07:34:40AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Oct 13, 2000 at 07:34:40AM -0400, Milo Bloom wrote: [snip] > > What?!? I actually have something to say?!? Something (hopefully) useful?!? > > Anyway, here's what I've done, which works with my cable modem setup using > DHCP. Now, I don't reboot much, but it has always worked whenever it parses > the file, and their lease period is 4 hours, which means it automatically > renews the lease every two hours, but it has worked for me. [And if _I_ > figured it out, then I figured _everyone_ knew how to do it!!!] > > Here's my lines in rc.firewall: > > # set these to your outside interface network and netmask and ip > oif="ex0" # card name > onet="24.129.15.0" # whatever your assigned range will be > omask="255.255.255.0" > oip="`ifconfig ex0 | grep inet | awk '{ print $2 }'`" > > Hope this helps. Let me (or the list) know how that works for you. Well, that's basically what my first solution does :) The final 'eval' line is suitable for a shell script - it calls ifconfig, parses its output, then sets all three variables. I still consider the 'set' solution a bit more efficient though :) And uhm.. pass the pointy hat again - if /usr is not mounted yet, then the 'set' way won't work either - it happens to need /usr/bin/grep! (or fgrep, which I like a bit more for searching for fixed strings) G'luck, Peter -- If you think this sentence is confusing, then change one pig. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message