Date: Thu, 25 Sep 2003 06:11:04 -0500
From: "Conrad J. Sabatier" <conrads@cox.net>
To: David Wolfskill <david@catwhisker.org>
Cc: freebsd-current@freebsd.org
Subject: Re: dhclient/ipfw conflict on boot
Message-ID: <20030925111104.GA808@cox.net>
In-Reply-To: <200309241251.h8OCptBE003726@bunrab.catwhisker.org>
References: <20030924055812.GA1702@cox.net> <200309241251.h8OCptBE003726@bunrab.catwhisker.org>

On Wed, Sep 24, 2003 at 05:51:56AM -0700, David Wolfskill wrote:
> >From: "Conrad J. Sabatier" <conrads@cox.net>
> >Subject: dhclient/ipfw conflict on boot
>
> >I just ran into this today after upgrading. It seems that dhclient is
> >unable to initialize properly at boot time, due to the prior initialization
> >of ipfw2 (default to deny policy). As all traffic is denied until my
> >firewall ruleset gets loaded (not until just after dhclient fails), it's
> >unable to communicate with my ISP's DHCP server.
>
> >This should be a quick and easy fix, right? :-)
>
> Well, my approach to a "quick and easy fix" is "Don't do that."
>
> For my laptop, I set up an ipfw specification that, on boot, only
> permitted DHCP traffic.
>
> Then in /etc/dhclient-exit-hooks, once I've got a lease, I invoke a
> different script that flushes the old rules and creates a new set, based
> on such things as my new IP address and the address of the DHCP server.
>
> Also in /etc/dhclient-exit-hooks, if it's invoked when dhclient is
> exiting (leaving the network), the script re-invokes the "default" ipfw
> script.

Interesting. I'll have to set up something like that here.

I was hoping that maybe it was because I had been forcing the ipfw module
to load from /boot/loader.conf. But disabling that didn't help. :-(

--
Conrad Sabatier <conrads@cox.net> - "In Unix veritas"
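
The arrangement David Wolfskill describes in the quoted text (a DHCP-only ruleset at boot, swapped for a lease-specific one from /etc/dhclient-exit-hooks) could look like the sketch below. It is an added example, not code from the thread: the rule numbers, the leased-state policy and the `IPFW` dry-run variable are assumptions, while `$reason`, `$interface`, `$new_ip_address` and `$new_dhcp_server_identifier` are the variables dhclient-script sets before sourcing the hook.

```sh
#!/bin/sh
# Added example, not from the thread: a sketch of /etc/dhclient-exit-hooks.
# dhclient-script sources this file with $reason, $interface, $new_ip_address
# and $new_dhcp_server_identifier set. Rule numbers and policy are assumptions.

# Dry run by default: prints the commands. Set IPFW=/sbin/ipfw to apply them.
IPFW="${IPFW:-echo ipfw}"

# No-lease ruleset: only the DHCP exchange is allowed; the kernel's
# default-deny policy drops everything else.
boot_rules() {      # $1 = interface
    $IPFW -q -f flush
    $IPFW -q add 100 allow udp from any 68 to any 67 out via "$1"
    $IPFW -q add 110 allow udp from any 67 to any 68 in via "$1"
}

# Leased ruleset: DHCP narrowed to the server that granted the lease
# (assumes renewals are answered by that same server), plus stateful
# outbound traffic from the leased address.
lease_rules() {     # $1 = interface, $2 = leased address, $3 = DHCP server
    $IPFW -q -f flush
    $IPFW -q add 100 allow ip from any to any via lo0
    $IPFW -q add 200 allow udp from "$2" 68 to "$3" 67 out via "$1"
    $IPFW -q add 210 allow udp from "$3" 67 to "$2" 68 in via "$1"
    $IPFW -q add 300 check-state
    $IPFW -q add 310 allow ip from "$2" to any out via "$1" keep-state
    $IPFW -q add 65000 deny ip from any to any
}

hook_rules() {
    case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        # Without both addresses, keep whatever ruleset is already loaded.
        [ -n "${new_ip_address:-}" ] && [ -n "${new_dhcp_server_identifier:-}" ] || return 0
        lease_rules "$interface" "$new_ip_address" "$new_dhcp_server_identifier" ;;
    EXPIRE|FAIL|RELEASE|STOP)
        boot_rules "$interface" ;;
    esac
}

hook_rules
```

The same `boot_rules` set has to be loaded before dhclient starts at boot, which is the ordering problem the original report ran into.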