Probably the reload scheme is going to be the one I use unless someone comes up with something different. I have also considered setting up a vpn though this probably is too complicated for this person.
The person needs needs to modify a web page via front-page and I just refuse to open the front page extensions up to the world. I don't see how I could make this turn around. I'm familiar with the concept, but as you may know, fpe for apache is a black box written by microsoft. Incidently, I tried ftp with front page and it does not support modifying a web page via ftp. Maybe I could mount the disk on the server using samba? Again though, I'd really prefer to do that with a specific firewall rule for this person, I don't want to open smb to the world. Michael Grant On 5/1/06, Jim Sandoz <[EMAIL PROTECTED]> wrote:
michael, hostnames in ipf config files are resolved once, at ipf startup. so putting the name in your ipf config file won't work if the IP changes later. you will need to reload the rules to again resolve the hostname's new IP. i can think of two options: 1) if you friend is always assigned an IP on a certain subnet, you could open up that range. the assumption here is that you are opening a single port, say 22/ssh. so in this case, security is not altogether compromised; your situation may differ however. 2) set up a cron job to get your friends ip address (nslookup|dig), and if it changes rewrite the config file and reload your rules. use extreme caution, as all errors must be dealt with so that ipf reloads correctly under all conditions. if not you may be left with no firewall. there are other options but we'd need to know more about what you are your friend are trying to accomplish. in some cases you may be able to turn the client/server around and have you (fixed IP) connect to him (dynamic IP), so the ipf ruleset is static. jim Michael Grant wrote: > I'm running ipf: IP Filter: v3.4.31 (336) > Kernel: IP Filter: v3.4.31 > on Freebsd 4.10 > > I need to open a hole for someone with a dynanic ip address. They > have a hostname via dyndns.org. If I put the hostname in my ipf.conf > file, when his address changes, will ipf use the new address > automatically? Or do I need to reload my firewall rules via crontab? > > Michael Grant >
