On 6/8/20 10:32 AM, Tom Eastep wrote:
> Why not assign this host a static IP address via DHCP? That's what I do
> with my local systems.

hm... not sure I follow.


the 'local' box does get its external IPv4 address from the ISP.
( technically, it's actually getting it from the modem, configured in 
passthrough-mode, which _itself_ is a dhcp client to the upstream's DHCP 
services.)

_that_ is the occasionally-changing dynamic IP that I'm fussing about with.

the _remote_ SW instance allows ONLY that _local_ IP access to SSH -- as 
mentioned, both in normal & 'emergency' mode, so as not to lock myself out when 
I fubar something.  worst case, the remote VM host provides out-of-band access 
...

the _local_ IPv4 address *is* dynamic; what is it that you're suggesting by 
"assign this host a static IP address via DHCP"? I think I'm missing a good 
idea :-/


> Your idea of using DNS isn't terrible if your /init file assigns a
> default (like the last known address) so that the firewall will at least
> start if DNS lookup fails.

forgot about setting a fallback default!

does shorewall have a "last known address" concept, perhaps in its 'restore' 
data?
if not, I can rely again on a shell script to populate a txt file, and `cat` it 
into a SW address variable.

and with the aforementioned out-of-band access, a DNS-based approach is not 
irreversibly catastrophic when something goes sideways.



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
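
The DNS-with-fallback idea discussed in this message, as an added example that is not part of the original post and not Shorewall's own code: it resolves the allowed host, validates the answer before it can reach a firewall rule, and falls back to a cached last known address when the lookup fails. The function names, hostname and cache path are assumptions.

```shell
# Added example. Function names, hostname and cache path are assumptions.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255,
# so nothing else can ever reach a firewall rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    rest=$1.
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Default resolver: first IPv4 answer from the system resolver.
lookup_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Print the address to allow. Returns 1 when neither DNS nor the cache
# yields a valid address, so the caller can refuse to open SSH at all.
resolve_with_fallback() {
    host=$1
    cache=$2
    addr=$(lookup_ipv4 "$host") || addr=
    if is_ipv4 "$addr"; then
        # Temp file plus rename: a crash never leaves a half-written cache.
        tmp=$cache.$$
        if (umask 077; printf '%s\n' "$addr" > "$tmp"); then
            mv -f "$tmp" "$cache" || rm -f "$tmp"
        fi
        printf '%s\n' "$addr"
        return 0
    fi
    # Lookup failed or returned junk: re-validate the last known address.
    [ -r "$cache" ] || return 1
    IFS= read -r addr < "$cache" || :
    is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# Hypothetical use from a root-owned script (paths are placeholders):
#   ADMIN_IP=$(resolve_with_fallback home.example.net /var/lib/fw/admin-ip.last) || exit 1
```

The cache file should live in a directory only root can write, since its content ends up in the SSH allow rule.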
