On Sun, Feb 27, 2000 at 12:48:53AM -0500, Jim Bloom wrote:
> I have been using cpp on my firewall to expand my local firewall rules and fill
> in the local address and subnetmask. This makes things easier my ISP decides to
> change my IP address using DHCP. My firewall is running an approximately one
> year old version of current and I'm trying to upgrade it to a recent version.
Probably not the answer you're looking for, but another approach
to consider:
I worked around this problem by having the dhclient-exit-hooks
script edit the new address into /etc/hosts, and ipfw uses the
symbolic name for the rule. Works quite nicely, but then I don't
have any rules that rely on the DHCP-supplied netmask.
And here's a picture:
if [ x$new_ip_address != x ]; then
cp /etc/hosts /tmp/hosts-foo
sed -e /gurney-/d /tmp/hosts-foo >/etc/hosts
echo "$new_ip_address gurney-gw.reilly.home gurney-gw" >>/etc/hosts
echo "$new_routers gurney-router.reilly.home gurney-router" >>/etc/hosts
echo "$new_domain_name_servers gurney-ns.reilly.home gurney-ns" >>/etc/
hosts
rm /tmp/hosts-foo
fi
I dare say that this would work less well if you were using a local DNS.
Maybe m4 (instead of cpp) is the right way to do it?
--
Andrew
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
