I wrote an /etc/dhclient-exit-hooks script that writes out the interface
configuration to a file and changed /etc/rc.conf to suck in the
configuration file. It looks something like this:
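
    # /etc/dhclient-exit-hooks is sourced by dhclient-script(8), which sets
    # ${reason}, ${interface} and the ${new_*} lease variables.
    case "${reason}" in
    BOUND | REBOOT | RENEW)
        # Record the outside interface and its lease for /etc/rc.conf.
        echo "oif=${interface}" > /etc/oif
        echo "oip=${new_ip_address}" >> /etc/oif
        echo "omask=${new_subnet_mask}" >> /etc/oif
        echo "onet=${new_network_number}" >> /etc/oif
        ;;
    esac
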
Take a look at dhclient-script(8) for details of the optional exit and enter
hooks scripts.

The real trick is reconfiguring the firewall if the interface configuration
changes while you are up and running. If this happens, I suppose you could
also use the exit hooks script to down the outside interface, rewrite the ipfw
rules, and re-up the interface.

-Shaun

On Fri, 15 Jun 2001, Peter Brezny wrote:
> How can you place a dynamically assigned dhclient ip address into an ipfw
> ruleset?
>
> I've gotten used to writing rules based on external interface IP addresses
> and network ranges, however, now I'd like to write a ruleset that would work
> to firewall a small network behind a DSL router with a dynamically assigned
> IP.
>
> I've gotten dhclient working, but I'm stumped as to how to get the
> dynamically assigned IP address into the ruleset.
>
> TIA
>
> Peter Brezny
> SysAdmin Services Inc.
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
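
An added example, not part of the original post: an exit-hooks fragment that checks the lease values before writing the file rc.conf reads as shell, replaces the file atomically, and reloads the ipfw rules only when the lease actually changed (it reloads the rules rather than cycling the interface). OIF_FILE, FW_RELOAD, the function names and the default reload command `service ipfw restart` are assumptions.

```sh
# Added example for /etc/dhclient-exit-hooks (sourced by dhclient-script).
# OIF_FILE and FW_RELOAD are assumed names, overridable for testing.
OIF_FILE="${OIF_FILE:-/etc/oif}"
FW_RELOAD="${FW_RELOAD:-service ipfw restart}"

# Succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _rest="$1." _n=0
    while [ -n "$_rest" ]; do
        _octet=${_rest%%.*}
        _rest=${_rest#*.}
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
        _n=$((_n + 1))
    done
    [ "$_n" -eq 4 ]
}

# Write the lease to OIF_FILE; reload the firewall only if it changed.
# Returns 2 (and writes nothing) when a value is not what it should be,
# because rc.conf later reads this file as shell code.
update_oif() {
    is_ipv4 "$new_ip_address" && is_ipv4 "$new_subnet_mask" &&
        is_ipv4 "$new_network_number" || return 2
    case "$interface" in
        ''|*[!A-Za-z0-9_.]*) return 2 ;;
    esac
    _tmp="${OIF_FILE}.$$"      # same directory, so mv is an atomic rename
    ( umask 022
      printf 'oif=%s\noip=%s\nomask=%s\nonet=%s\n' "$interface" \
          "$new_ip_address" "$new_subnet_mask" "$new_network_number" \
          > "$_tmp" ) || return 1
    if cmp -s "$_tmp" "$OIF_FILE" 2>/dev/null; then
        rm -f "$_tmp"          # unchanged lease: leave the rules alone
        return 0
    fi
    mv -f "$_tmp" "$OIF_FILE" && $FW_RELOAD
}

case "${reason:-}" in
    BOUND|REBOOT|RENEW) update_oif ;;
esac
```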