Date:      Fri, 13 Jun 2003 06:32:40 -0700 (PDT)
From:      David Wolfskill <david@catwhisker.org>
To:        freebsd-current@freebsd.org, r.s.a.vandomburg@student.utwente.nl
Subject:   Re: Support DHCP in rc.firewall by default?
Message-ID:  <200306131332.h5DDWecM007374@bunrab.catwhisker.org>
In-Reply-To: <200306130918.h5D9Ifi19647@netlx014.civ.utwente.nl>

>From: "Roderick van Domburg" <r.s.a.vandomburg@student.utwente.nl>
>To: <freebsd-current@freebsd.org>
>Date: Fri, 13 Jun 2003 11:18:45 +0200
>Subject: Support DHCP in rc.firewall by default?

>Right now, rc.firewall isn't set up to support DHCP configurations although
>it could easily be done so.

More or less, depending on one's requirements.

>Googling comes up with many references, for
>example http://www.freebsddiary.org/firewall.php (section "ipfw with DHCP
>etc" at the bottom of the page).

>Are there any reasons against having rc.firewall contain such lines? I
>reckon it would even come in handy for statically configured users: they'd
>only need to specify their network interface(s) once.

Well, you might consider submitting a PR with a suggested patch.  :-)

That said:  a while back (around the time that the BayLISA meetings
moved to Apple's facility, where they have wireless Internet access
available, and the DHCP server provides routable IP addresses), I
decided that setting up my laptop to make use of ipfw would be A Good
Thing.

The approach I used was to have a default configuration that blocked
everything but DHCP/BOOTP, then, in /etc/dhclient-exit-hooks, once I
know I have received a DHCP lease, invoke a script (with the
newly-assigned IP address as one of the arguments).

Note that I also had set up dhclient-exit-hooks to determine my hostname
(given the IP address) -- if it could, and to try to make use of an NTP
server.

Whether or not all of that comes very close to anyone else's perceived
requirements, I don't know -- but my guess is that it is fairly
idiosyncratic, at best.

Peace,
david
-- 
David H. Wolfskill				david@catwhisker.org
Based on what I have seen to date, the use of Microsoft products is not
consistent with reliability.  I recommend FreeBSD for reliable systems.
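
The approach described in the message above, as an added sketch that is not the poster's script (which does not appear on this page): a default ruleset that passes only DHCP/BOOTP, plus a hook that opens stateful outbound traffic for the leased address. `$reason`, `$interface` and `$new_ip_address` are the variables dhclient-script provides; the function names, rule numbers and the policy itself are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. dhclient-script sources
# /etc/dhclient-exit-hooks with $reason, $interface and $new_ip_address set.
# Rule numbers and the policy are assumptions. Dry run by default: commands
# are printed; set IPFW=/sbin/ipfw to apply them.
IPFW=${IPFW:-echo ipfw}

# Boot-time default: loopback and DHCP/BOOTP only, everything else denied.
baseline_rules() {
    $IPFW -q add 100 allow ip from any to any via lo0
    $IPFW -q add 200 allow udp from any 68 to any 67 out via "$1"
    $IPFW -q add 210 allow udp from any 67 to any 68 in via "$1"
    $IPFW -q add 65000 deny ip from any to any
}

# Accept only a dotted quad, so a malformed lease value never reaches a rule.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Remove the per-lease rules; harmless if they are not loaded.
drop_lease_rules() {
    $IPFW -q delete 1000 1010 1020 2>/dev/null || true
}

# Open stateful outbound traffic from the leased address only.
lease_rules() {
    valid_ipv4 "$2" || return 1
    drop_lease_rules
    $IPFW -q add 1000 check-state
    $IPFW -q add 1010 allow tcp from "$2" to any out via "$1" setup keep-state
    $IPFW -q add 1020 allow udp from "$2" to any out via "$1" keep-state
}

# Dispatch on the reason dhclient-script reports for this invocation.
dhcp_hook() {
    case "$reason" in
        BOUND|RENEW|REBIND|REBOOT) lease_rules "$interface" "$new_ip_address" ;;
        EXPIRE|FAIL) drop_lease_rules ;;
    esac
}

if [ -n "${reason:-}" ]; then dhcp_hook; fi
```

When the lease expires or acquisition fails, the per-lease rules are removed and the host falls back to the DHCP-only baseline.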


