Saad Kadhi wrote:
> On 14/01/2005 20:39 Christopher McGee wrote:
>> I have a cable modem that provides a dynamic IP address to the
>> outside interface of my firewall (5.3 with PF doing NAT). If my IP
>> address changes I have to run a script to update my dynamic dns and
>> reload my firewall rules based on the new IP address. Is there a
>> recommended way of doing this other than having cron check to see if
>> the IP address has changed?
>
> The PF version integrated into 5.3 supports dynamic IPs by putting
> parentheses around the interface name, as explained in
> http://www.openbsd.org/faq/pf/filter.html :
> <excerpt>
> The name of a network interface in parentheses ( ). This tells PF to
> update the rule if the IP address(es) on the named interface change.
> This is useful on an interface that gets its IP address via DHCP or
> dial-up as the ruleset doesn't have to be reloaded each time the
> address changes.
> </excerpt>
> For example:
> my_if="hme0"
> [...]
> nat on $my_if proto tcp from any to any -> ($my_if)
> [...]
> pass in quick on $my_if proto tcp from any to ($my_if) port domain flags S/SAFR keep state

I have set up my pf ruleset using the parentheses. I didn't realize it
would auto update them. I thought I would still need to reload the
rules so that it re-reads the interface IP. I still have the dilemma of
dynamic dns and a couple of other scripts that I run, based on the IP,
that will require being run if the IP ever changes. I'm thinking there
should be something I can do in /etc/dhclient.conf maybe to run them?
Chris
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
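
One way to run the address-dependent scripts from the DHCP client, as an added example that is not part of the original thread: dhclient-script sources /etc/dhclient-exit-hooks after applying a lease, with `$reason` and `$new_ip_address` set. The helper path and state file below are hypothetical placeholders, and the address is validated because it is supplied by the DHCP server.

```sh
# Sketch of /etc/dhclient-exit-hooks; dhclient-script sources this file
# after it has applied a lease, with $reason and $new_ip_address set.
# Assumed, hypothetical paths (not from the thread):
DDNS_UPDATE="${DDNS_UPDATE:-/usr/local/sbin/ddns-update.sh}"
STATE_FILE="${STATE_FILE:-/var/db/dhclient-last-ip}"

# handle_lease REASON NEW_IP
# Returns 0 if the helper ran for a changed address, 1 otherwise.
handle_lease() {
    _reason=$1
    _new=$2
    case "$_reason" in
        BOUND|RENEW|REBIND|REBOOT) ;;   # events that carry a usable lease
        *) return 1 ;;
    esac
    # The address comes from the DHCP server: treat it as untrusted input
    # and accept only digits and dots before handing it to another script.
    case "$_new" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    _last=""
    [ -r "$STATE_FILE" ] && _last=$(cat "$STATE_FILE")
    [ "$_new" = "$_last" ] && return 1  # plain renewal, address unchanged
    # Run the helper first; record the address only if it succeeded, so a
    # failed update is retried on the next lease event.
    "$DDNS_UPDATE" "$_new" || return 1
    printf '%s\n' "$_new" > "$STATE_FILE"
}

# No exit here: the file is sourced, so exit would abort dhclient-script.
handle_lease "${reason:-}" "${new_ip_address:-}" || true
```

The pf rules need no hook of their own, since the `($my_if)` form already tracks the interface address.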