On Tue, 10 Apr 2007 15:26:36 -0400
Lowell Gilbert <[EMAIL PROTECTED]> wrote:

> "J.D. Bronson" <[EMAIL PROTECTED]> writes:
> 
> > Ok...what do you guys do to handle a change of IP/network via DHCP
> > with ipfilter?
> >
> > I have been told that if my IP changes while the machine is up and
> > running that ipfilter WON'T see this change and needs to be
> > told...supposedly it only reads the IP when it starts itself.
> >
> > If this is true, is there any easy way to fix this?
> > I run ipcheck.py and that can invoke a script if needed if it
> > notices an IP changed....
> >
> > ipnat.conf:
> > map bge1 192.43.82.0/24 -> 0/32 proxy port ftp ftp/tcp
> > map bge1 192.43.82.0/24 -> 0/32 portmap tcp/udp auto
> > map bge1 192.43.82.0/24 -> 0/32
> >
> > rdr bge1 0.0.0.0/0 port 25 -> 192.43.82.170 port 25
> >
> >
> > I presume if it reads the IP and fills in the '0/32' + '0.0.0.0/0'
> > values at startup...having my IP change could be disastrous.
> 
> When your IP changes, you can have dhclient trigger a script of your
> choosing.  You can use that to alter your firewall rules.

Does it matter though?

# rcorder /etc/rc.d/* |egrep  "ipfil|dhc"
/etc/rc.d/ipfilter
/etc/rc.d/dhclient

ipfilter doesn't actually have an ip address for the interface when it
starts up, so it seems unlikely it can't cope with a new address.

It wouldn't hurt to do an "/etc/rc.d/ipfilter resync" though
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
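
The approach discussed in the thread (have dhclient trigger a script, and run "/etc/rc.d/ipfilter resync" from it), written out as an added example that is not part of the original messages. It assumes the hook is installed as /etc/dhclient-exit-hooks, that dhclient-script sets $reason, $interface, $old_ip_address and $new_ip_address before sourcing it, and that bge1 is the DHCP-facing interface; EXT_IF, RESYNC_CMD and needs_resync are names made up for this sketch.

```shell
# /etc/dhclient-exit-hooks (assumed path). The file is sourced by
# dhclient-script, so it must not call "exit".

EXT_IF="bge1"    # external interface, taken from the ipnat.conf in the thread
RESYNC_CMD="${RESYNC_CMD:-/etc/rc.d/ipfilter resync}"

# needs_resync REASON OLD_ADDR NEW_ADDR INTERFACE
# Returns 0 when the event means the external address is new or different.
needs_resync() {
    # Ignore events for any other interface.
    [ "$4" = "$EXT_IF" ] || return 1
    case "$1" in
        BOUND|REBOOT)
            # Fresh lease: there may be no old address to compare against.
            [ -n "$3" ]
            ;;
        RENEW|REBIND)
            # Lease refreshed: act only if the address actually changed.
            [ -n "$3" ] && [ "$2" != "$3" ]
            ;;
        *)
            # EXPIRE, FAIL, TIMEOUT, PREINIT, ...: nothing to resync to.
            return 1
            ;;
    esac
}

# With no dhclient variables set (for example when the file is run by hand),
# the interface check fails and nothing below executes.
if needs_resync "${reason:-}" "${old_ip_address:-}" \
                "${new_ip_address:-}" "${interface:-}"; then
    logger -t dhclient-hook \
        "$interface address is now $new_ip_address; resyncing ipfilter"
    $RESYNC_CMD
fi
```
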