Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 27 Feb 2000 18:05:05 +1100
From:      "Andrew Reilly" <areilly@nsw.bigpond.net.au>
To:        Jim Bloom <bloom@acm.org>
Cc:        freebsd-current@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: cpp change breaks ipfw
Message-ID:  <20000227180504.A255@gurney.reilly.home>
In-Reply-To: <38B8BAC5.9927A56E@acm.org>
References:  <38B8BAC5.9927A56E@acm.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 27, 2000 at 12:48:53AM -0500, Jim Bloom wrote:
> I have been using cpp on my firewall to expand my local firewall rules and fill
> in the local address and subnetmask.  This makes things easier my ISP decides to
> change my IP address using DHCP.  My firewall is running an approximately one
> year old version of current and I'm trying to upgrade it to a recent version.

Probably not the answer you're looking for, but another approach
to consider:

I worked around this problem by having the dhclient-exit-hooks
script edit the new address into /etc/hosts, and ipfw uses the
symbolic name for the rule.  Works quite nicely, but then I don't
have any rules that rely on the DHCP-supplied netmask.

And here's a picture:

if [ x$new_ip_address != x ]; then
  cp /etc/hosts /tmp/hosts-foo
  sed -e /gurney-/d /tmp/hosts-foo >/etc/hosts
  echo "$new_ip_address gurney-gw.reilly.home gurney-gw" >>/etc/hosts
  echo "$new_routers    gurney-router.reilly.home gurney-router" >>/etc/hosts
  echo "$new_domain_name_servers        gurney-ns.reilly.home gurney-ns" >>/etc/
hosts
  rm /tmp/hosts-foo
fi

I dare say that this would work less well if you were using a local DNS.

Maybe m4 (instead of cpp) is the right way to do it?

-- 
Andrew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000227180504.A255>