dhclient/ipfw conflict on boot
Conrad J. Sabatier
conrads at cox.net
Thu Sep 25 04:11:40 PDT 2003
On Wed, Sep 24, 2003 at 05:51:56AM -0700, David Wolfskill wrote:
> >From: "Conrad J. Sabatier" <conrads at cox.net>
> >Subject: dhclient/ipfw conflict on boot
>
> >I just ran into this today after upgrading. It seems that dhclient is
> >unable to initialize properly at boot time, due to the prior initialization
> >of ipfw2 (default to deny policy). As all traffic is denied until my
> >firewall ruleset gets loaded (not until just after dhclient fails), it's
> >unable to communicate with my ISP's DHCP server.
>
> >This should be a quick and easy fix, right? :-)
>
> Well, my approach to a "quick and easy fix" is "Don't do that."
>
> For my laptop, I set up an ipfw specification that, on boot, only
> permitted DHCP traffic.
>
> Then in /etc/dhclient-exit-hooks, once I've got a lease, I invoke a
> different script that flushes the old rules and creates a new set, based
> on such things as my new IP address and the address of the DHCP server.
>
> Also in /etc/dhclient-exit-hooks, if it's invoked when dhclient is
> exiting (leaving the network), the script re-invokes the "default" ipfw
> script.
Interesting. I'll have to set up something like that here.

I was hoping that maybe it was because I had been forcing the ipfw module to
load from /boot/loader.conf. But disabling that didn't help. :-(
--
Conrad Sabatier <conrads at cox.net> - "In Unix veritas"
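
The two-stage setup described in the quoted reply (DHCP-only rules until a lease exists, full rules afterwards, back to DHCP-only when the lease goes away), as an added example that is not part of the original thread. The function names, rule numbers, the `IPFW` dry-run variable and the post-lease policy are assumptions; `$reason`, `$interface`, `$new_ip_address` and `$new_dhcp_server_identifier` are the variables dhclient-script provides to the hook.

```sh
#!/bin/sh
# Sketch of /etc/dhclient-exit-hooks (added example, not from the thread).
# dhclient-script sources this file with $reason, $interface, $new_ip_address
# and $new_dhcp_server_identifier set. Rule numbers and policy are assumptions.

# Dry run by default: prints the ipfw commands. Set IPFW=/sbin/ipfw to apply.
IPFW=${IPFW:-echo ipfw}

# No-lease ruleset (also the boot-time one): loopback plus DHCP client traffic.
dhcp_only_rules() {
    ifc=$1
    $IPFW -q -f flush
    $IPFW -q add 100 allow ip from any to any via lo0
    $IPFW -q add 200 allow udp from any 68 to any 67 out via "$ifc"
    $IPFW -q add 210 allow udp from any 67 to any 68 in via "$ifc"
    $IPFW -q add 65000 deny ip from any to any
}

# Post-lease ruleset, built from the leased address and the DHCP server.
lease_rules() {
    ifc=$1 ip=$2 srv=$3
    $IPFW -q -f flush
    $IPFW -q add 100 allow ip from any to any via lo0
    # Unicast renewals to the server that granted the lease.
    $IPFW -q add 200 allow udp from "$ip" 68 to "$srv" 67 out via "$ifc"
    $IPFW -q add 210 allow udp from "$srv" 67 to "$ip" 68 in via "$ifc"
    # Rebinding is broadcast, so that request is allowed out as well.
    $IPFW -q add 220 allow udp from "$ip" 68 to 255.255.255.255 67 out via "$ifc"
    # Stateful outbound from the leased address only.
    $IPFW -q add 300 check-state
    $IPFW -q add 310 allow ip from "$ip" to any out via "$ifc" keep-state
    $IPFW -q add 65000 deny ip from any to any
}

# Choose a ruleset from dhclient's $reason.
apply_for_reason() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT)
            # Never build rules from an empty lease; stay DHCP-only instead.
            if [ -z "$3" ] || [ -z "$4" ]; then dhcp_only_rules "$2"; return; fi
            lease_rules "$2" "$3" "$4" ;;
        EXPIRE|FAIL|RELEASE|STOP|TIMEOUT)
            dhcp_only_rules "$2" ;;
    esac
}

apply_for_reason "$reason" "$interface" "$new_ip_address" "$new_dhcp_server_identifier"
```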
More information about the freebsd-current mailing list