michael, hostnames in ipf config files are resolved once, at ipf startup. so putting the name in your ipf config file won't work if the IP changes later. you will need to reload the rules to again resolve the hostname's new IP.
i can think of two options:

1) if your friend is always assigned an IP on a certain subnet, you could open up that range. the assumption here is that you are opening a single port, say 22/ssh. so in this case, security is not altogether compromised; your situation may differ however.

2) set up a cron job to get your friend's ip address (nslookup|dig), and if it changes rewrite the config file and reload your rules. use extreme caution, as all errors must be dealt with so that ipf reloads correctly under all conditions. if not you may be left with no firewall.

there are other options but we'd need to know more about what you and your friend are trying to accomplish. in some cases you may be able to turn the client/server around and have you (fixed IP) connect to him (dynamic IP), so the ipf ruleset is static.

jim

Michael Grant wrote:
I'm running ipf:

IP Filter: v3.4.31 (336)
Kernel: IP Filter: v3.4.31

on FreeBSD 4.10

I need to open a hole for someone with a dynamic IP address. They have a hostname via dyndns.org. If I put the hostname in my ipf.conf file, when his address changes, will ipf use the new address automatically? Or do I need to reload my firewall rules via crontab?

Michael Grant
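The cron approach from option 2 in the reply, written out as an added example (not part of the original thread or of ipf itself): it validates the resolved address, parse-checks the new ruleset, and loads it into the inactive set before swapping, so a failed lookup or bad file leaves the running rules in place. The hostname, file paths, `@FRIEND_IP@` placeholder and `--run` argument are assumptions, as is a `dig` that supports `+short`.

```sh
#!/bin/sh
# Added example, not from the thread. Hypothetical: hostname, paths, @FRIEND_IP@.
FRIEND_HOST="friend.example.dyndns.org"  # placeholder dyndns name
TEMPLATE="/etc/ipf.rules.tmpl"           # ruleset containing @FRIEND_IP@
RULES="/etc/ipf.rules"                   # file ipf loads
STATE="/var/db/ipf.friend_ip"            # last address applied

# Accept only a dotted quad with octets 0-255, so an empty answer,
# resolver error text or a CNAME never reaches the ruleset.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the template ($1) with the validated address ($2) filled in.
render_rules() {
    sed "s/@FRIEND_IP@/$2/g" "$1"
}

update_rules() {
    ip=$(dig +short A "$FRIEND_HOST" | head -n 1)
    is_ipv4 "$ip" || { echo "lookup failed for $FRIEND_HOST: '$ip'" >&2; return 1; }
    [ "$ip" = "$(cat "$STATE" 2>/dev/null)" ] && return 0   # unchanged, do nothing
    tmp=$(mktemp "$RULES.XXXXXX") || return 1
    render_rules "$TEMPLATE" "$ip" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Parse only (-n leaves the kernel alone). Assumption: a clean parse
    # is silent, so any diagnostic output is treated as a failure too.
    err=$(ipf -n -f "$tmp" 2>&1) && [ -z "$err" ] ||
        { echo "new ruleset rejected: $err" >&2; rm -f "$tmp"; return 1; }
    mv "$tmp" "$RULES" || return 1
    # Load into the inactive set, then swap, so the running rules stay in
    # place until the new ones are fully loaded.
    ipf -I -Fa -f "$RULES" && ipf -s && echo "$ip" > "$STATE"
}

# Run from cron as: update-friend-ip.sh --run (script name is hypothetical)
if [ "${1:-}" = "--run" ]; then update_rules; fi
```

A non-zero exit from cron means the old rules are still active; mail or log that output so a stale address does not go unnoticed.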
