ipfilter and DHCP
fbsd06 at mlists.homeunix.com
Tue Apr 10 20:06:17 UTC 2007
On Tue, 10 Apr 2007 15:26:36 -0400
Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> wrote:
> "J.D. Bronson" <jbronson-freebsd at sixcompanies.com> writes:
> > Ok...what do you guys do to handle a change of IP/network via DHCP
> > with ipfilter?
> > I have been told that if my IP changes while the machine is up and
> > running that ipfilter WON'T see this change and needs to be
> > told...supposedly it only reads the IP when it starts itself.
> > If this is true, is there any easy way to fix this?
> > I run ipcheck.py and that can invoke a script if needed if it
> > notices an IP changed....
> > ipnat.conf:
> > map bge1 22.214.171.124/24 -> 0/32 proxy port ftp ftp/tcp
> > map bge1 126.96.36.199/24 -> 0/32 portmap tcp/udp auto
> > map bge1 188.8.131.52/24 -> 0/32
> > rdr bge1 0.0.0.0/0 port 25 -> 184.108.40.206 port 25
> > I presume if it reads the IP and fills in the '0/32' + '0.0.0.0/0'
> > values at startup...having my IP change could be disastrous.
> When your IP changes, you can have dhclient trigger a script of your
> choosing. You can use that to alter your firewall rules.
Does it matter though?
# rcorder /etc/rc.d/* |egrep "ipfil|dhc"
ipfilter doesn't actually have an ip address for the interface when it
starts up, so it seems unlikely it can't cope with a new address.
It wouldn't hurt to do an "/etc/rc.d/ipfilter resync" though.
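
The two suggestions in this thread (a script triggered by dhclient, and "/etc/rc.d/ipfilter resync") combined into one hook, as an added example that is not part of the original posts. It assumes the file is installed as /etc/dhclient-exit-hooks, which dhclient-script sources with $reason, $old_ip_address and $new_ip_address set; the function names and LOG_TAG are made up for this example.

```shell
#!/bin/sh
# Added example: /etc/dhclient-exit-hooks sketch (sourced by dhclient-script).
# RESYNC_CMD defaults to the command suggested in the thread; the function
# names and LOG_TAG are hypothetical, chosen for this example only.

: "${RESYNC_CMD:=/etc/rc.d/ipfilter resync}"
LOG_TAG="dhclient-ipf"

# Succeeds only when this lease event left the interface with a different
# address than before. EXPIRE, FAIL, TIMEOUT and the rest are ignored.
lease_changed_address() {
    _reason=$1 _old=$2 _new=$3
    case "$_reason" in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 1 ;;
    esac
    [ -n "$_new" ] || return 1      # no new address, nothing to sync to
    [ "$_old" != "$_new" ]          # same address on renewal: no action
}

# Runs the resync on a real address change and returns its exit status,
# so a failed resync is visible to whatever calls the hook.
resync_on_change() {
    if lease_changed_address "$1" "$2" "$3"; then
        logger -t "$LOG_TAG" "address ${2:-none} -> $3, resyncing ipfilter" \
            2>/dev/null || true
        $RESYNC_CMD
        return $?
    fi
    return 0
}

# dhclient-script exports these variables before sourcing the hook file.
resync_on_change "${reason:-}" "${old_ip_address:-}" "${new_ip_address:-}"
```

A routine renewal that keeps the same address leaves the firewall untouched, so the resync and its log line only appear when the address really changed.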