> On Tue, 13 Jul 1999, Stephen Hocking-Senior Programmer PGS Tensor Perth wrote:
>
> > I was checking out the firewall setup in /etc/rc.firewall, and noticed that
> > the simple example relied on a fixed IP address for the external interface.
> > I don't know ahead of time what IP address is going to be allocated to me
> > before I dial up. Would it be possible to specify an interface (tun0)
> > rather than an IP address?
>
> Yes. That's what the "via" keyword is for.

very late followup, but i am behind in my mail again.

to deal with this issue i use the following:

/etc/ppp/linkup:

#!/bin/sh
sh /etc/rc.firewall

/etc/rc.firewall (excerpt)

[snip]
if [ "${firewall_type}" = "MINE" ]; then
        #
        #
        #
        tun0=`ifconfig tun0 | grep netmask | cut -f 2 -d ' ' | tail -1`
        ep0=`ifconfig ep0 | grep netmask | cut -f 2 -d ' '`
        loopback="127.0.0.0/8"
        net10="10.0.0.0/8"
        net172="172.16.0.0/12"
        net192="192.168.0.0/16"
        localnet="192.168.250.0/24"
        localhost="127.0.0.1"
        ntpdate_host="128.115.14.97"
        xntpd_host="204.91.99.129"
        preppp="10.0.0.1"
        #
        # clear all rules
        #
        $fwcmd -f flush
        #
        # prevent source address spoofing
        #
        $fwcmd add 100 deny log all from ${tun0} to any in recv tun0
[snip]

this way, whenever i dialup, i get a new ip address. the new ip
address is used to create the firewall rules.

jmb
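
Added example, not part of the original post: the excerpt passes whatever the `grep | cut` pipeline returns straight into the ipfw rule, so this sketch validates the parsed address first and emits nothing when tun0 has no address. The function names and the sample ifconfig text are constructed for illustration; the rule string is the one from the excerpt.

```shell
#!/bin/sh
# Added example: validate the address parsed from ifconfig before it reaches ipfw.

# Constructed samples of FreeBSD-style `ifconfig tun0` output (not from a real host).
SAMPLE_UP='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 203.0.113.45 --> 203.0.113.1 netmask 0xffffff00'
SAMPLE_DOWN='tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500'

# Print the last "inet" address found in ifconfig-format text on stdin.
extract_inet() {
    awk '$1 == "inet" { addr = $2 } END { if (addr != "") print addr }'
}

# Succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the anti-spoofing rule from the excerpt, or fail without emitting anything.
# $1 = interface name, stdin = ifconfig output for that interface.
antispoof_rule() {
    addr=$(extract_inet)
    if ! is_ipv4 "$addr"; then
        echo "no usable address on $1; rule not generated" >&2
        return 1
    fi
    echo "add 100 deny log all from ${addr} to any in recv $1"
}

# Stand-alone demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_UP" | antispoof_rule tun0
printf '%s\n' "$SAMPLE_DOWN" | antispoof_rule tun0 || echo "link-up script should stop here"
```

In a real link-up script the stdin would come from `ifconfig tun0`, and a non-zero return would abort before `$fwcmd -f flush` so the previous rule set stays in place.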