From owner-freebsd-questions@FreeBSD.ORG Tue Jul 1 08:18:23 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0A2937B401 for ; Tue, 1 Jul 2003 08:18:23 -0700 (PDT) Received: from mail.lewiz.org (pam80-1-5-240.man.dial.ntli.net [80.1.5.240]) by mx1.FreeBSD.org (Postfix) with ESMTP id E1C5744005 for ; Tue, 1 Jul 2003 08:18:21 -0700 (PDT) (envelope-from lewiz@green.lewiz.org) Received: from green.lewiz.org ([192.168.0.10]) by mail.lewiz.org with smtp (Exim 4.20) id 19XMtN-000A74-1T; Tue, 01 Jul 2003 15:18:01 +0000 Received: (nullmailer pid 9440 invoked by uid 4001); Tue, 01 Jul 2003 15:18:02 -0000 Date: Tue, 1 Jul 2003 16:18:02 +0100 From: lewiz To: Dan Pelleg Message-ID: <20030701151802.GA9390@lewiz.org> Mail-Followup-To: lewiz , Dan Pelleg , FreeBSD-questions References: <20030701063248.GA904@lewiz.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="y0ulUmNC+osPPQO6" Content-Disposition: inline In-Reply-To: X-GPG-Fingerprint: 90A4 939E 3847 A3E4 8103 2A48 22DA B428 542F ED3F X-GPG-Info: http://www.westwood.karoo.net/pgpkey / horowitz.surfnet.nl User-Agent: Mutt/1.5.4i X-MailScanner-Information: Please contact the ISP for more information X-MailScanner: Found to be clean cc: FreeBSD-questions Subject: Re: Variable NFS mounts / firewall rules. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2003 15:18:24 -0000 --y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 01, 2003 at 08:45:54AM -0400, Dan Pelleg wrote: > 2. Use the automounter to mount NFS volumes on-demand. This way you will > not have to worry about mounting until you actually need to access the > volume. See amd(8). That's a good idea I didn't think off :) I messed with amd(8) once before and ran into trouble. I can see in this case it would be ideal, and shall have a go at getting it to play nicely. > 3. ipfw supports the "me" keyword, to flexibly refer to your currently > assigned IP address. Yes, I had looked at this. However, I was meaning trying to have a solution where a different set of firewall rules would be started based on the assigned IP address. > 4. Just in case it might help you, here is my /etc/dhclient-exit-hooks: >=20 > # nothing to do unless we're bound > case ${reason} in > BOUND | RENEW | REBIND | REBOOT ) > if [ -n "${new_domain_name_servers}" ]; then > if [ -z "${old_domain_name_servers}" ] || [ x${old_ip_address= } !=3D x{$new_ip_address} ]; then > [ -x /etc/refresh-named ] && /etc/refresh-named ${new_dom= ain_name_servers} > [ -x /etc/set-time ] && /etc/set-time > fi > fi > ;; > esac Yeah, I think I can see that this might even be a good place to start/stop (stop if required, I haven't read amd(8) yet) amd from. Also, I can set my symlinks in case the reason is not one of yours listed. > 5. You can further run ifconfig commands in /etc/start_if. > (for example /etc/start_if.fxp0 ). I use start_if.ep0 to set the media for my network card. Does this get re sourced after dhclient has done it's magic? I was under the assumption that it got executed /before/ dhclient, and would therefore be of little use to set variables based on the output of dhclient... ? Many thanks! You've given me some excellent ideas. I'll tell you how I fare. -lewiz. --=20 In the long run, every program becomes rococo, and then rubble. -- Alan Perlis ------------------------------------------------------------------------ -| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |- --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/AaYpItq0KFQv7T8RAj0MAJ4zS0b6FSUSCU+M6E4hvXCLe8AULQCgkc0y NVPkH00oyrvMkDkcThVACCw= =wwPt -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--