Date: Sun, 18 Jul 1999 08:00:38 -0700 (PDT)
From: "Jonathan M. Bresler" <jmb@hub.freebsd.org>
To: green@FreeBSD.org
Cc: shocking@prth.pgs.com, hackers@FreeBSD.org
Subject: Re: Setting up a firewall with dynamic IPs
Message-ID: <19990718150038.2004614EC4@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.10.9907131008190.76301-100000@janus.syracuse.net> (green@FreeBSD.org)

> On Tue, 13 Jul 1999, Stephen Hocking-Senior Programmer PGS Tensor Perth wrote:
>
> > I was checking out the firewall setup in /etc/rc.firewall, and noticed that
> > the simple example relied on a fixed IP address for the external interface. I
> > don't know ahead of time what IP address is going to be allocated to me before
> > I dial up. Would it be possible to specify an interface (tun0) rather than an
> > IP address?
>
> Yes. That's what the "via" keyword is for.

very late followup, but i am behind in my mail again.
to deal with this issue i use the following:

/etc/ppp/linkup:

    #!/bin/sh
    sh /etc/rc.firewall

/etc/rc.firewall (excerpt)

    [snip]
    if [ "${firewall_type}" = "MINE" ]; then
        #
        #
        #
        tun0=`ifconfig tun0 | grep netmask | cut -f 2 -d ' ' | tail -1`
        ep0=`ifconfig ep0 | grep netmask | cut -f 2 -d ' '`
        loopback="127.0.0.0/8"
        net10="10.0.0.0/8"
        net172="172.16.0.0/12"
        net192="192.168.0.0/16"
        localnet="192.168.250.0/24"
        localhost="127.0.0.1"
        ntpdate_host="128.115.14.97"
        xntpd_host="204.91.99.129"
        preppp="10.0.0.1"
        #
        # clear all rules
        #
        $fwcmd -f flush
        #
        # prevent source address spoofing
        #
        $fwcmd add 100 deny log all from ${tun0} to any in recv tun0
    [snip]

this way, whenever i dialup, i get a new ip address. the new ip
address is used to create the firewall rules.

jmb
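
Added example (not part of the original message and not FreeBSD's own rc.firewall): the address lookup above yields an empty string if tun0 has no address when the script runs, which would leave rule 100 malformed after the flush. This sketch checks the parsed address before building the rule; the helper names iface_addr, is_ipv4 and antispoof_rule and the sample ifconfig output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: validate the dial-up address before building the
# anti-spoofing rule. All helper names here are hypothetical.

# Constructed samples of `ifconfig tun0` output (tab-indented inet lines).
sample_up='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 10.0.0.1 --> 10.0.0.2 netmask 0xff000000
	inet 203.0.113.45 --> 203.0.113.1 netmask 0xffffff00'
sample_down='tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500'

# Print the last inet address found in ifconfig output read from stdin
# (same choice as the `tail -1` in the excerpt above).
iface_addr() {
    awk '$1 == "inet" { addr = $2 } END { if (addr != "") print addr }'
}

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit the arguments for rule 100, or fail with no output when the
# interface has no usable address.
antispoof_rule() {
    addr=$(iface_addr)
    is_ipv4 "$addr" || return 1
    echo "add 100 deny log all from $addr to any in recv tun0"
}

if rule=$(printf '%s\n' "$sample_up" | antispoof_rule); then
    echo "would run: \$fwcmd $rule"
fi
if ! printf '%s\n' "$sample_down" | antispoof_rule >/dev/null; then
    echo "tun0 has no address; not building rule 100" >&2
fi
```

In a real script the function would read from `ifconfig tun0` instead of the samples, and the check would run before `$fwcmd -f flush`.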