From owner-freebsd-questions Mon Jan 24 8: 5:45 2000 Delivered-To: freebsd-questions@freebsd.org Received: from europe.std.com (europe.std.com [199.172.62.20]) by hub.freebsd.org (Postfix) with ESMTP id C555A15201 for ; Mon, 24 Jan 2000 08:05:42 -0800 (PST) (envelope-from lowell@world.std.com) Received: from world.std.com (lowell@world-f.std.com [199.172.62.5]) by europe.std.com (8.9.3/8.9.3) with ESMTP id LAA09981; Mon, 24 Jan 2000 11:05:20 -0500 (EST) Received: (from lowell@localhost) by world.std.com (8.9.3/8.9.3) id LAA02710; Mon, 24 Jan 2000 11:05:16 -0500 (EST) Date: Mon, 24 Jan 2000 06:25:36 EST To: BCSFD204@aol.com, freebsd-questions@freebsd.org Subject: Re: rc.firewall and dhclient under 3.4 References: From: Lowell Gilbert In-Reply-To: BCSFD204@aol.com's message of Sun, 23 Jan 2000 18:58:11 EST Message-ID: Lines: 19 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG BCSFD204@aol.com writes: > Looking at rc.firewall, the design appears to assume that you have a static > IP address. Since I have to use ISC dhclient to connect to Road Runner the > "oip" value may change from time to time. > > If there is a way to change rc.firewall so it can work with changing 'outside > IP addesses' I have not found it. Use the outside interface instead of its address. The "simple" firewall type in rc.firewall uses this extensively. Personally, I think this (the interface approach) is a good general practice. *Never* hardcode an address in *anywhere* unless it's absolutely necessary. [It *is* often necessary with ipfw, particularly when there's more than one external address, but not in this case.] - Lowell To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message