On Jan 14, 2005, at 1:39 PM, Christopher McGee wrote:

I have a cable modem that provides a dynamic IP address to the outside interface of my firewall (5.3 with PF doing NAT). If my IP address changes I have to run a script to update my dynamic dns and reload my firewall rules based on the new IP address. Is there a recommended way of doing this other than having cron check to see if the IP address has changed?

Thanks,
Chris

If you use ipfw for firewalling, try using the 'me' keyword, instead of an actual IP address. For example, I use a similar line to:

ipfw add 100 deny ip from any 137-139 to me in via vr0

This line says to deny all IP traffic, from anyone, to ports 137, 138, and 139, destined for me, that is incoming on interface vr0. This means, barring any other rules, that traffic coming in on vr1 will still be accepted.

HTH
_______________________________________________________
Eric F Crist                  "I am so smart, S.M.R.T!"
Secure Computing Networks              -Homer J Simpson
