Dynamic IP and pf?
Eric F Crist
ecrist at secure-computing.net
Fri Jan 14 12:50:15 PST 2005
On Jan 14, 2005, at 1:39 PM, Christopher McGee wrote:
> I have a cable modem that provides a dynamic IP address to the outside
> interface of my firewall (5.3 with PF doing NAT). If my IP address
> changes I have to run a script to update my dynamic dns and reload my
> firewall rules based on the new IP address. Is there a recommended way
> of doing this other than having cron check to see if the IP address
> has changed?
If you use ipfw for firewalling, try using the 'me' keyword, instead of
an actual IP address. For example, I use a similar line to:
ipfw add 100 deny ip from any 137-139 to me in via vr0
This line says to deny all IP traffic, from anyone, to ports 137, 138,
and 139, destined for me, that is incoming on interface vr0. This
means, barring any other rules, that traffic coming in on vr1 will
still be accepted.
Eric F Crist
Secure Computing Networks
"I am so smart, S.M.R.T!" -Homer J Simpson
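Added example, not part of the original message: a small check that lists the rules on one interface that still pin a literal IPv4 host address, which are the ones that go stale when the lease changes and are candidates for the 'me' keyword. The rule listing is constructed in the style of `ipfw list` output, 203.0.113.25 is a documentation address standing in for the leased one, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample in the style of `ipfw list` output. 203.0.113.25 is a
# documentation address standing in for the current DHCP lease.
sample_rules() {
    cat <<'EOF'
00100 deny ip from any 137-139 to me in via vr0
00200 allow tcp from any to 203.0.113.25 22 in via vr0
00300 allow ip from 192.168.1.0/24 to any via vr1
00400 deny ip from any to 203.0.113.25 in via vr0
EOF
}

# Read a rule listing on stdin and print the number of every rule bound to
# interface $1 that contains a bare IPv4 host address. Networks written with
# a /mask and the keywords 'me' and 'any' are not reported.
stale_rules() {
    awk -v ifc="$1" '
    $0 ~ (" via " ifc "($| )") {
        # Field 1 is the rule number, field 2 the action; scan the rest.
        for (i = 3; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                print $1
                break
            }
    }'
}

echo "Rules on vr0 that pin a literal address:"
sample_rules | stale_rules vr0
```

On a live system, pipe `ipfw list` into `stale_rules` in place of the sample.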