Dynamic IP and pf?

Eric F Crist ecrist at secure-computing.net
Fri Jan 14 12:50:15 PST 2005

On Jan 14, 2005, at 1:39 PM, Christopher McGee wrote:

> I have a cable modem that provides a dynamic IP address to the outside 
> interface of my firewall(5.3 with PF doing NAT).  If my IP address 
> changes I have to run a script to update my dynamic dns and reload my 
> firewall rules based on the new IP address. Is there a recommended way 
> of doing this other than having cron check to see if the IP addresss 
> has changed?
> Thanks,
> Chris

If you use ipfw for firewalling, try using the 'me' keyword, instead of 
an actual IP address.  For example, I use a similar line to:

ipfw add 100 deny ip from any 137-139 to me in via vr0

This line says to deny all IP traffic, from anyone, to ports 137, 138, 
and 139, destined for me, that is incoming on interface vr0.  This 
means, barring any other rules, that traffice coming in on vr1 will 
still be accepted.

Eric F Crist                  "I am so smart, S.M.R.T!"
Secure Computing Networks              -Homer J Simpson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050114/4a642e5f/PGP.bin

More information about the freebsd-questions mailing list