Date: Tue, 10 Apr 2007 21:06:13 +0100
From: RW <fbsd06@mlists.homeunix.com>
To: freebsd-questions@freebsd.org
Subject: Re: ipfilter and DHCP
Message-ID: <20070410210613.6af9b48c@gumby.homeunix.com>
In-Reply-To: <44mz1gqbdf.fsf@be-well.ilk.org>
References: <200704101334.l3ADY1MJ006807@shadow.sixcompanies.com> <44mz1gqbdf.fsf@be-well.ilk.org>

On Tue, 10 Apr 2007 15:26:36 -0400
Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:

> "J.D. Bronson" <jbronson-freebsd@sixcompanies.com> writes:
>
> > Ok...what do you guys do to handle a change of IP/network via DHCP
> > with ipfilter?
> >
> > I have been told that if my IP changes while the machine is up and
> > running that ipfilter WON'T see this change and needs to be
> > told...supposedly it only reads the IP when it starts itself.
> >
> > If this is true, is there any easy way to fix this?
> > I run ipcheck.py and that can invoke a script if needed if it
> > notices an IP changed....
> >
> > ipnat.conf:
> > map bge1 192.43.82.0/24 -> 0/32 proxy port ftp ftp/tcp
> > map bge1 192.43.82.0/24 -> 0/32 portmap tcp/udp auto
> > map bge1 192.43.82.0/24 -> 0/32
> >
> > rdr bge1 0.0.0.0/0 port 25 -> 192.43.82.170 port 25
> >
> >
> > I presume if it reads the IP and fills in the '0/32' + '0.0.0.0/0'
> > values at startup...having my IP change could be disastrous.
>
> When your IP changes, you can have dhclient trigger a script of your
> choosing. You can use that to alter your firewall rules.

Does it matter though?

# rcorder /etc/rc.d/* |egrep "ipfil|dhc"
/etc/rc.d/ipfilter
/etc/rc.d/dhclient

ipfilter doesn't actually have an ip address for the interface when it
starts up, so it seems unlikely it can't cope with a new address.

It wouldn't hurt to do an "/etc/rc.d/ipfilter resync" though

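The two suggestions in this thread (have dhclient trigger a script, and run "/etc/rc.d/ipfilter resync") combined into one hook, as an added example that is not part of either poster's message. It assumes FreeBSD's dhclient-script sources /etc/dhclient-exit-hooks with $reason, $old_ip_address and $new_ip_address set; the function names and IPF_RESYNC_CMD are hypothetical.

```shell
#!/bin/sh
# Candidate contents for /etc/dhclient-exit-hooks (assumed hook location).
# ipf_needs_resync, ipf_dhcp_hook and IPF_RESYNC_CMD are hypothetical names.

# Command run when the address changes; overridable so the decision logic
# can be exercised without touching a live firewall.
: "${IPF_RESYNC_CMD:=/etc/rc.d/ipfilter resync}"

# Return 0 when the lease event means the interface address may have changed.
#   $1 = dhclient reason, $2 = old address, $3 = new address
ipf_needs_resync() {
    case "$1" in
        BOUND|REBOOT)
            # Fresh lease: there is no trustworthy old address to compare.
            [ -n "$3" ] ;;
        RENEW|REBIND)
            # Routine renewals usually keep the address; act only on a change.
            [ -n "$3" ] && [ "$2" != "$3" ] ;;
        *)
            # Other events (PREINIT, EXPIRE, FAIL, ...) are not handled here.
            return 1 ;;
    esac
}

# Resync ipfilter if the event warrants it, noting the transition on stderr.
ipf_dhcp_hook() {
    if ipf_needs_resync "$1" "$2" "$3"; then
        echo "ipfilter resync: $1 ${2:-none} -> $3" >&2
        $IPF_RESYNC_CMD
    fi
}

# dhclient-script sets $reason before sourcing this file; do nothing otherwise.
if [ -n "${reason:-}" ]; then
    ipf_dhcp_hook "$reason" "${old_ip_address:-}" "${new_ip_address:-}"
fi
```

Comparing old and new addresses keeps routine lease renewals from resyncing the firewall every time the lease is extended.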
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070410210613.6af9b48c>