ipfilter and DHCP

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Tue Apr 10 19:26:38 UTC 2007

"J.D. Bronson" <jbronson-freebsd at sixcompanies.com> writes:

> Ok...what do you guys do to handle a change of IP/network via DHCP
> with ipfilter?
> I have been told that if my IP changes while the machine is up and
> running that ipfilter WON'T see this change and needs to be
> told...supposedly it only reads the IP when it starts itself.
> If this is true, is there any easy way to fix this?
> I run ipcheck.py and that can invoke a script if needed if it notices
> an IP changed....
> ipnat.conf:
> map bge1 -> 0/32 proxy port ftp ftp/tcp
> map bge1 -> 0/32 portmap tcp/udp auto
> map bge1 -> 0/32
> rdr bge1 port 25 -> port 25
> I presume if it reads the IP and fills in the '0/32' + ''
> values at startup...having my IP change could be disastrous.

When your IP changes, you can have dhclient trigger a script of your
choosing.  You can use that to alter your firewall rules.

There are probably other approaches too.
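
One way to wire up the dhclient-triggered script described in this reply, as an added example that is not part of the original message: a body for FreeBSD's `/etc/dhclient-exit-hooks` that resyncs ipfilter and reloads the NAT rules only when the address on the external interface actually changed. The `bge1` interface comes from the post; the `/etc/ipnat.conf` path, the `DRY_RUN` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: body for /etc/dhclient-exit-hooks, which dhclient-script sources
# after each lease event with $reason, $interface, $old_ip_address and
# $new_ip_address set. Being sourced, it must not call exit.

NAT_IF="${NAT_IF:-bge1}"                      # external interface from the post
IPNAT_CONF="${IPNAT_CONF:-/etc/ipnat.conf}"   # assumption: default rules path
DRY_RUN="${DRY_RUN:-0}"                       # assumption: 1 = print commands only

# Succeeds only when the event put a different address on NAT_IF.
# Arguments: reason, interface, old address, new address.
lease_changed() {
    [ "$2" = "$NAT_IF" ] || return 1
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 1 ;;                        # EXPIRE, FAIL, TIMEOUT, PREINIT ...
    esac
    [ -n "$4" ] && [ "$3" != "$4" ]
}

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Resync ipfilter's view of the interfaces, then replace the NAT rules.
# -C drops the loaded rules and -F the active sessions; sessions tied to
# the old address are unusable anyway.
refresh_ipfilter() {
    run ipf -y || return 1
    run ipnat -CF -f "$IPNAT_CONF" || return 1
    run logger -t dhclient-hook "ipnat reloaded on $NAT_IF: ${3:-none} -> $4"
}

# Entry point: nothing happens for other interfaces or unchanged leases.
if lease_changed "$reason" "$interface" "$old_ip_address" "$new_ip_address"; then
    refresh_ipfilter "$reason" "$interface" "$old_ip_address" "$new_ip_address"
fi
```

Running it once with `DRY_RUN=1` and the four variables set by hand shows the commands that would be issued without touching the live rule set.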

