Date:      Wed, 24 Sep 2003 05:51:56 -0700 (PDT)
From:      David Wolfskill <david@catwhisker.org>
To:        conrads@cox.net, freebsd-current@freebsd.org
Subject:   Re: dhclient/ipfw conflict on boot
Message-ID:  <200309241251.h8OCptBE003726@bunrab.catwhisker.org>
In-Reply-To: <20030924055812.GA1702@cox.net>

>Date: Wed, 24 Sep 2003 00:58:12 -0500
>From: "Conrad J. Sabatier" <conrads@cox.net>
>To: freebsd-current@freebsd.org
>Subject: dhclient/ipfw conflict on boot

>I just ran into this today after upgrading.  It seems that dhclient is 
>unable to initialize properly at boot time, due to the prior initialization 
>of ipfw2 (default to deny policy).  As all traffic is denied until my 
>firewall ruleset gets loaded (not until just after dhclient fails), it's 
>unable to communicate with my ISP's DHCP server.

>This should be a quick and easy fix, right?  :-)

Well, my approach to a "quick and easy fix" is "Don't do that."

For my laptop, I set up an ipfw specification that, on boot, only
permitted DHCP traffic.

Then in /etc/dhclient-exit-hooks, once I've got a lease, I invoke a
different script that flushes the old rules and creates a new set, based
on such things as my new IP address and the address of the DHCP server.

Also in /etc/dhclient-exit-hooks, if it's invoked when dhclient is
exiting (leaving the network), the script re-invokes the "default" ipfw
script.

Peace,
david
-- 
David H. Wolfskill				david@catwhisker.org
If you want true virus-protection for your PC, install a non-Microsoft OS
on it.  Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and
Solaris (in alphabetical order).
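
The approach described in the message above, sketched as an added example (this is not the poster's script). The function names, rule numbers and the dry-run `IPFW` variable are assumptions of this sketch; `$reason`, `$interface`, `$new_ip_address` and `$new_dhcp_server_identifier` are the variables dhclient-script provides to `/etc/dhclient-exit-hooks`.

```sh
#!/bin/sh
# Added example, not the poster's script. dhclient-script sets $reason, $interface,
# $new_ip_address and $new_dhcp_server_identifier before sourcing the exit hook.
# Assumption: IPFW defaults to a dry run that prints each command;
# set IPFW=/sbin/ipfw to apply the rules for real.
IPFW="${IPFW:-echo ipfw}"

# Lease data comes off the wire: accept only dotted-quad IPv4 before it reaches ipfw.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# "Default" ruleset (boot, or after leaving the network): DHCP exchange only.
dhcp_only_rules() {
    $IPFW -q flush
    $IPFW -q add 100 allow udp from any 68 to any 67 out via "$1"
    $IPFW -q add 110 allow udp from any 67 to any 68 in via "$1"
    $IPFW -q add 65000 deny ip from any to any
}

# Ruleset built from the lease: args are interface, leased address, DHCP server.
leased_rules() {
    $IPFW -q flush
    $IPFW -q add 100 allow ip from any to any via lo0
    $IPFW -q add 200 allow udp from "$2" 68 to "$3" 67 out via "$1"
    $IPFW -q add 210 allow udp from "$3" 67 to "$2" 68 in via "$1"
    $IPFW -q add 300 check-state
    $IPFW -q add 310 allow ip from "$2" to any out via "$1" keep-state
    $IPFW -q add 65000 deny ip from any to any
}

on_dhclient_event() {   # args: reason interface new_ip dhcp_server
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT)
            if is_ipv4 "$3" && is_ipv4 "$4"; then leased_rules "$2" "$3" "$4"
            else dhcp_only_rules "$2"; fi ;;   # malformed lease: stay locked down
        EXPIRE|FAIL|RELEASE|STOP)
            dhcp_only_rules "$2" ;;
    esac
}

if [ -n "${reason:-}" ]; then
    on_dhclient_event "$reason" "${interface:-}" "${new_ip_address:-}" \
        "${new_dhcp_server_identifier:-}"
fi
```

Run as-is it only prints the `ipfw` commands it would issue, so the rules can be reviewed before the hook is installed.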


