New pf install on FreeBSD 7 seems to be a slow starter.

Dennis hideous at mail.ru
Thu Jul 10 13:01:34 UTC 2008


LJ> Leslie Jensen wrote:
>> 
>> Dennis wrote:
>> 
>>> LJ> Oh, I didn't know that! Can you tell me how to handle this?
>>>
>>> LJ> The problem is these hosts are not fixed IPs so they use no-ip
>>> LJ> (http://www.no-ip.com/) to provide a fixed address.
>>>
>>> It's possible to populate the table after the network is initialized and all
>>> other services are up. Just place an empty table
>>>
>>> table <goodguys> persist
>>>
>>> in your pf.conf and
>>>
>>> pfctl -t goodguys -T add \
>>>  something.somewhere.com \
>>>  somethingelse.somewhere.com \
>>>   xxx.yyy.zzz.qqq &
>>>
>>> into your /etc/rc.local, so pf will start up without delays.
>>>
>>
>> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing 
>> must go somewhere else, do you know where?
>> 
LJ> If I've understood this right, this will only be right at the time the
LJ> machine starts. How do I get to know if the hosts change their
LJ> addresses? Should I invoke a cron job that does the same as you suggested?
LJ> Thanks

Yes. Also, you would have to clear the table before loading new IP
addresses into it. Querying the authoritative server with, for example,
`nslookup`, instead of relying on the local resolver would make this thing
more robust.

Regards,
  Dennis.
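
The cron job discussed in this message could look like the sketch below; it is an added example, not part of the original thread. It assumes `dig` is available, uses `ns1.example.net` as a placeholder for the zone's authoritative server, and uses `pfctl -T replace` in place of a separate clear and add so the table is never empty in between.

```shell
#!/bin/sh
# Added example: cron-driven refresh of the pf table from the thread.
TABLE="goodguys"
HOSTS="something.somewhere.com somethingelse.somewhere.com"  # names from the thread
NS="ns1.example.net"  # assumption: authoritative server for the dynamic-DNS zone

# Keep only well-formed dotted-quad IPv4 lines. Resolver output can also
# contain CNAME targets or error text, which must never reach pfctl.
valid_ipv4() {
    awk -F. 'NF == 4 && $0 !~ /[^0-9.]/ {
        for (i = 1; i <= 4; i++)
            if ($i == "" || length($i) > 3 || $i + 0 > 255) next
        print
    }'
}

# Ask the authoritative server directly, bypassing the local resolver cache.
resolve_dig() { dig "@$NS" "$1" A +short; }

# Usage: collect_addrs RESOLVER HOST...
# Prints all addresses on one line. Fails if any host yields no address,
# so a DNS outage never shrinks or empties the table.
collect_addrs() {
    resolver=$1; shift
    addrs=""
    for h in "$@"; do
        found=$("$resolver" "$h" 2>/dev/null | valid_ipv4)
        if [ -z "$found" ]; then
            echo "no address for $h; table left unchanged" >&2
            return 1
        fi
        addrs="$addrs $found"
    done
    echo $addrs   # unquoted on purpose: flattens newlines to spaces
}

refresh_table() {
    new=$(collect_addrs resolve_dig $HOSTS) || return 1
    # One-step swap: no moment where the table is empty between a flush and an add.
    pfctl -t "$TABLE" -T replace $new
}

# Only touch pf when called with --apply (for example from root's crontab).
if [ "${1:-}" = "--apply" ]; then refresh_table; fi
```

Run it from root's crontab with `--apply` at an interval shorter than the dynamic-DNS record's TTL. A non-zero exit means the table was left as it was.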