Date: Mon, 10 Mar 2014 09:20:01 -0500 From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org> To: Jason Hellenthal <jhellenthal@dataix.net> Cc: Joe Nosay <superbisquit@gmail.com>, John-Mark Gurney <jmg@funkthat.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Using pf.conf with public access points. Message-ID: <CAPBZQG3jzWnLk_Ea-VwkpTg2wHCF21M4faKzsYfVDAy9SAw3mg@mail.gmail.com> In-Reply-To: <9C40270E-18E0-4993-B7C5-BD8B5A24C95D@dataix.net> References: <CA%2BWntOsQG-OeF8AmiftKt6-7upXTN7Pnv4ogZJmt6kjZ0GsZAA@mail.gmail.com> <20140309231829.GG32089@funkthat.com> <9C40270E-18E0-4993-B7C5-BD8B5A24C95D@dataix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Usually pf(4) does support having dynamic ips inside its ruleset. For example just putting the interface name as address or putting $iface:0 for first address etc... Take a look an man page of pf.conf and search for the string 'Interface names and interface group names can' On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal <jhellenthal@dataix.net>wrote: > You'll want to not use up addresses in your pf.conf > > Block on default and then open up by definition of ports instead. Forget > the whole IPAddr thing and treat this as a roaming client firewall. > > > -- > Jason Hellenthal > Voice: 95.30.17.6/616 > JJH48-ARIN > > > On Mar 9, 2014, at 19:18, John-Mark Gurney <jmg@funkthat.com> wrote: > > > > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400: > >> 2. How do I compensate for the use of public access points when the IP > >> addresses will always be different? > > > > it doesn't appear that pf has this ability, but it looks like ipfw > > has this, from ipfw(8): > > me matches any IP address configured on an interface in > the > > system. > > > > So, maybe switching to ipfw might be an option.. > > > > -- > > John-Mark Gurney Voice: +1 415 225 5579 > > > > "All that I will do, has been done, All that I have, has not." > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > -- Ermal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPBZQG3jzWnLk_Ea-VwkpTg2wHCF21M4faKzsYfVDAy9SAw3mg>