Date: Wed, 26 Sep 2001 18:48:42 -0500
From: David Kelly <dkelly@hiwaay.net>
To: Mike Porter <mupi@mknet.org>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: dhcp & cable, @home (help me fight the MS monopoly)
Message-ID: <20010926184842.A23164@grumpy.dyndns.org>
In-Reply-To: <200109262029.f8QKTQH00642@c1828785-a.saltlk1.ut.home.com>; from mupi@mknet.org on Wed, Sep 26, 2001 at 02:29:25PM -0600
References: <3.0.5.32.20010926000700.007ad100@widomaker.com> <200109261325.f8QDPe922234@c1828785-a.saltlk1.ut.home.com> <20010926113441.B12931@acadia.ne.mediaone.net> <200109262029.f8QKTQH00642@c1828785-a.saltlk1.ut.home.com>

On Wed, Sep 26, 2001 at 02:29:25PM -0600, Mike Porter wrote:
>
> The problem is that the only times my IP has changed, it has gone from a
> 24.x.x.x family to a 65.x.x.x family and back, which invalidates the
> anti-spoofing rules, since those operate on the 24.x.x.255 and 24.x.x.0
> addresses if I am in a 24-family IP, but on 65.x.x.255 and .0 for the
> 65-family IP's. This means that the entire ruleset must be rewritten, not
> just a matter of flushing the tables and refreshing my own personal IP. I
> suppose if I was really ambitious, it would be possible to write some perl or
> sed or awk that would strip the first three octets from my ifconfig data, and
> then supply a 255 and a 0, and restructure some of the other rules as well.
> And as previously noted, that could be tied to dhclient-exit-hooks. But my
> wife would object to the time spent.

Ain't hard. Already been posted here in this thread. Here is how I do
it, admittedly with ipfw and not ipf:

    # look for the line with netmask, then awk my IP address
    ip=$(/sbin/ifconfig ${nic} | grep netmask | awk '{print $2}')

Is a bit harder to strip the bytes out of the address one at a time.

>
> BTW, to reset your firewall, I think all you have to do, if you are using the
> default ipfw setup, is have dhclient-exit-hooks run /etc/rc.firewall restart.
There is a dynamic DNS feature in the latest ISC DHCP stuff but I'm not
sure how it hooks in.
Yes, you could link rc.firewall to dhclient-exit-hooks but
dhclient-exit-hooks sometimes runs 4 times for each lease renewal. This
is not what anyone really wants to do.
--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
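
The two points raised in this thread, as an added example that is not part of the original messages: POSIX sh functions that compute the network and broadcast addresses for anti-spoofing rules from the leased address and its netmask (generalizing beyond the .0/.255 case to any netmask), and that report a change only once so a hook firing several times per renewal reloads the rules a single time. The function names, the state file path and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Dotted quad -> 32-bit integer; fails on anything that is not four octets.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "network broadcast" for an address and a dotted netmask.
net_and_bcast() {
    ip=$(ip_to_int "$1") || return 1
    mask=$(ip_to_int "$2") || return 1
    net=$(( $ip & $mask ))
    bcast=$(( $net | (~$mask & 4294967295) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast")"
}

# Return 0 (and record the new state) only when the address or mask differs
# from the previous call; return 1 on a repeat call for the same lease.
lease_changed() {
    state_file=$1 current="$2 $3"
    [ -f "$state_file" ] && [ "$(cat "$state_file")" = "$current" ] && return 1
    echo "$current" > "$state_file"
    return 0
}

# Constructed sample lease (documentation address range), not from the thread.
set -- $(net_and_bcast 192.0.2.77 255.255.254.0)
echo "network=$1 broadcast=$2"

# In dhclient-exit-hooks the call would look like this (state file path is
# an assumption; new_ip_address/new_subnet_mask are set by dhclient-script):
#   lease_changed /var/run/fw-lease.state "$new_ip_address" "$new_subnet_mask" \
#       && sh /etc/rc.firewall
```

The guard compares address and mask together, so a move between address families with the same host part still triggers a reload.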
