LJ> Leslie Jensen skrev: >> >> Dennis skrev: >> >>> LJ> Oh, I didn't know that! Can you tell me how to handle this? >>> >>> LJ> The problem is these hosts are not fixed IP's so they use no-ip >>> LJ> (http://www.no-ip.com/) to provide a fixed address. >>> >>> It's possible to populate the table after network initialized and all >>> other cervices are up. Just place empty table >>> >>> table <goodguys> persist >>> >>> in your pf.conf and >>> >>> pfctl -t goodguys -T add \ >>> something.somewhere.com \ >>> somethingelse.somewhere.com \ >>> xxx.yyy.zzz.qqq & >>> >>> into your /etc/rc.local, so pf will start up without delays. >>> >> >> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing >> must go somewhere else, do you know where? >> LJ> If I've understood this right this will only be right at the time the LJ> machine starts. How do I get to know if the hosts changes their LJ> addresses. Should I invoke a cron job that does the same as you suggested? LJ> Thanks
Yes. Also you would have to clear the table before loading new IP addresses into it. Querying authoritative server with, for example `nslookup`, instead of relying on local resolver would make this thing more robust. Regards, Dennis. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
