Date: Wed, 26 Sep 2001 18:48:42 -0500
From: David Kelly <dkelly@hiwaay.net>
To: Mike Porter <mupi@mknet.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: dhcp & cable, @home (help me fight the MS monopoly)
Message-ID: <20010926184842.A23164@grumpy.dyndns.org>
In-Reply-To: <200109262029.f8QKTQH00642@c1828785-a.saltlk1.ut.home.com>; from mupi@mknet.org on Wed, Sep 26, 2001 at 02:29:25PM -0600
References: <3.0.5.32.20010926000700.007ad100@widomaker.com> <200109261325.f8QDPe922234@c1828785-a.saltlk1.ut.home.com> <20010926113441.B12931@acadia.ne.mediaone.net> <200109262029.f8QKTQH00642@c1828785-a.saltlk1.ut.home.com>

On Wed, Sep 26, 2001 at 02:29:25PM -0600, Mike Porter wrote:
>
> The problem is that the only times my IP has changed, it has gone from a
> 24.x.x.x family to a 65.x.x.x family and back, which invalidates the
> anti-spoofing rules, since those operate on the 24.x.x.255 and 24.x.x.0
> addresses if I am in a 24-family IP, but on 65.x.x.255 and .0 for the
> 65-family IP's. This means that the entire ruleset must be rewritten, not
> just a matter of flushing the tables and refreshing my own personal IP. I
> suppose if I was really ambitious, it would be possible to write some perl or
> sed or awk that would strip the first three octets from my ifconfig data, and
> then supply a 255 and a 0, and restructure some of the other rules as well.
> And as previously noted, that could be tied to dhclient-exit-hooks. But my
> wife would object to the time spent.

Ain't hard. Already been posted here in this thread. Here is how I do
it, admittedly with ipfw and not ipf:

    # look for the line with netmask, then awk my IP address
    ip=$(/sbin/ifconfig ${nic} | grep netmask | awk '{print $2}')

Is a bit harder to strip the bytes out of the address one at a time.

>
> BTW, to reset your firewall, I think all you have to do, if you are using the
> default ipfw setup, is have dhclient-exit-hooks run /etc/rc.firewall restart.

There is a dynamic DNS feature in the latest ISC DHCP stuff but I'm not
sure how it hooks in. Yes, you could link rc.firewall to
dhclient-exit-hooks but dhclient-exit-hooks sometimes runs 4 times for
each lease renewal. This is not what anyone really wants to do.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010926184842.A23164>
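
The two points raised in the message above (deriving the anti-spoofing addresses from ifconfig, and the exit hook firing several times per renewal) can be handled together. The following is an added example, not part of the original message or of any FreeBSD script. It generalizes from the ".0 and .255" case to any netmask. The function names, the state-file argument and the sample ifconfig text are assumptions made for illustration.

```shell
# Added example. SAMPLE_IFCONFIG is constructed FreeBSD-style output, not real data.
SAMPLE_IFCONFIG='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 65.10.20.77 netmask 0xffffff00 broadcast 65.10.20.255
	ether 00:00:5e:00:53:01'

# Print "ip hexmask" from ifconfig text on stdin (same idea as the grep | awk above).
parse_inet() {
    awk '$1 == "inet" && $3 == "netmask" { print $2, $4; exit }'
}

# Accept only a plain dotted quad, so nothing else reaches arithmetic or a rule.
valid_ip() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^(0|[1-9][0-9]*)$/ || $i > 255) exit 1 }'
}

# Turn a 32-bit integer back into dotted-quad form.
dotted() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "network broadcast" for an address and a 0x-prefixed hex netmask.
net_bcast() {
    valid_ip "$1" || return 1
    echo "$2" | grep -Eq '^0x[0-9a-fA-F]{8}$' || return 1
    mask=$(( $2 ))
    set -- $(echo "$1" | tr . ' ')
    net=$(( (($1 << 24) | ($2 << 16) | ($3 << 8) | $4) & mask ))
    bc=$(( net | (~mask & 0xffffffff) ))
    echo "$(dotted "$net") $(dotted "$bc")"
}

# Read ifconfig text on stdin; print "ip network broadcast" or fail.
derive() {
    parse_inet | {
        read -r ip mask || exit 1
        nb=$(net_bcast "$ip" "$mask") || exit 1
        echo "$ip $nb"
    }
}

# Succeed only if $1 differs from the address saved in state file $2, so the
# repeated hook runs for one lease renewal cause a single firewall reload.
address_changed() {
    [ -f "$2" ] && [ "$(cat "$2")" = "$1" ] && return 1
    echo "$1" > "$2"
}

printf '%s\n' "$SAMPLE_IFCONFIG" | derive
```

In a hook script, the firewall reload would run only when `address_changed` succeeds, with the derived network and broadcast addresses substituted into the anti-spoofing rules.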