From owner-freebsd-ipfw Sat Feb 26 23: 5:13 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from sr14.nsw-remote.bigpond.net.au (sr14.nsw-remote.bigpond.net.au [24.192.3.29]) by hub.freebsd.org (Postfix) with ESMTP id D6B1F37B638 for ; Sat, 26 Feb 2000 23:05:08 -0800 (PST) (envelope-from areilly@nsw.bigpond.net.au)
Received: from areilly.bpc-users.org (CPE-144-132-171-71.nsw.bigpond.net.au [144.132.171.71]) by sr14.nsw-remote.bigpond.net.au (Pro-8.9.3/8.9.3) with SMTP id SAA15143 for ; Sun, 27 Feb 2000 18:05:05 +1100 (EDT)
Received: (qmail 1147 invoked by uid 1000); 27 Feb 2000 07:05:05 -0000
From: "Andrew Reilly"
Date: Sun, 27 Feb 2000 18:05:05 +1100
To: Jim Bloom
Cc: freebsd-current@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject: Re: cpp change breaks ipfw
Message-ID: <20000227180504.A255@gurney.reilly.home>
References: <38B8BAC5.9927A56E@acm.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <38B8BAC5.9927A56E@acm.org>
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Feb 27, 2000 at 12:48:53AM -0500, Jim Bloom wrote:
> I have been using cpp on my firewall to expand my local firewall rules and fill
> in the local address and subnetmask. This makes things easier my ISP decides to
> change my IP address using DHCP. My firewall is running an approximately one
> year old version of current and I'm trying to upgrade it to a recent version.

Probably not the answer you're looking for, but another approach to consider:

I worked around this problem by having the dhclient-exit-hooks script edit the new address into /etc/hosts, and ipfw uses the symbolic name for the rule. Works quite nicely, but then I don't have any rules that rely on the DHCP-supplied netmask.

And here's a picture:

    if [ x$new_ip_address != x ]; then
        cp /etc/hosts /tmp/hosts-foo
        sed -e /gurney-/d /tmp/hosts-foo >/etc/hosts
        echo "$new_ip_address gurney-gw.reilly.home gurney-gw" >>/etc/hosts
        echo "$new_routers gurney-router.reilly.home gurney-router" >>/etc/hosts
        echo "$new_domain_name_servers gurney-ns.reilly.home gurney-ns" >>/etc/hosts
        rm /tmp/hosts-foo
    fi

I dare say that this would work less well if you were using a local DNS. Maybe m4 (instead of cpp) is the right way to do it?

-- 
Andrew
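
A hardened variant of the hook logic described in the message, added here as an example and not part of the original post: it validates the lease values before they reach the file the firewall rules resolve against, keeps one address per hosts line when DHCP supplies a list, and replaces the file with an atomic rename instead of a fixed /tmp copy. The function names and the hosts-file path parameter are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the poster's script. The hosts-file path is a parameter
# (an assumption) so the logic can be exercised on a scratch copy. A hook
# would call it as:
#   update_hosts /etc/hosts "$new_ip_address" "$new_routers" "$new_domain_name_servers"

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ ${#_o} -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# first_ipv4 LIST: print the first valid address in a space-separated list.
# DHCP can supply several routers or name servers; a hosts line takes one.
first_ipv4() {
    set -f                       # the list is server-supplied: no globbing
    for _c in $1; do
        if is_ipv4 "$_c"; then set +f; echo "$_c"; return 0; fi
    done
    set +f
    return 1
}

# update_hosts FILE IP ROUTERS NAMESERVERS
# Rebuild FILE without the old gurney-* lines, append the new ones, and
# swap it in with a rename so readers never see a truncated file.
update_hosts() {
    _hosts=$1
    is_ipv4 "$2" || return 1     # refuse to write a malformed lease value
    # Temp file sits beside FILE (unpredictable name, same filesystem).
    _tmp=$(mktemp "$_hosts.XXXXXX") || return 1
    {
        sed -e '/gurney-/d' "$_hosts"
        echo "$2 gurney-gw.reilly.home gurney-gw"
        _r=$(first_ipv4 "$3") && echo "$_r gurney-router.reilly.home gurney-router"
        _n=$(first_ipv4 "$4") && echo "$_n gurney-ns.reilly.home gurney-ns"
        true
    } >"$_tmp" && chmod 644 "$_tmp" && mv -f "$_tmp" "$_hosts" && return 0
    rm -f "$_tmp"
    return 1
}
```
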