
Re: Debian equivalent of rc.firewall??

On Sun, Dec 24, 2000 at 02:12:12AM +0100, Carel Fellinger wrote:
> The problem with this is that I don't have an IP until after my outgoing
> interface is set-up:( I get my dynamic IP through dpcpc, so how can I
> get out of this catch-22?

Well if you need to know the IP address of that interface when you run
the ruleset, then yes you are screwed until you know it.  In that case
what I would do is:

1) run a generic set of rules which denies everything on that interface,
using a "pre-up" command in the interfaces file (note that you may have
to make an exception to allow dhcp packets from your isp);
2) run another, final set of rules with an "up" command in interfaces.

There may be better ways of doing this, but that will work.  Come to
think of it, another option would be to force dhcpcd to execute a script
which does an "/etc/init.d/ipmasq restart" after any time that
interface's IP changes.  (I think dhcpcd can do this; I don't use it
myself though... I am on dial-up. :( )


Jim B.
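
The two-stage approach from the message above, as an added example that is not part of the original post: one script called from both a "pre-up" and an "up" line in the interfaces file. It assumes iptables (the thread does not name the packet filter), a hypothetical install path /etc/network/fw-stage.sh, and the chain positions shown; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed install path
# (hypothetical): /etc/network/fw-stage.sh, called from /etc/network/interfaces:
#     iface eth0 inet dhcp
#         pre-up /etc/network/fw-stage.sh lockdown
#         up     /etc/network/fw-stage.sh final
# ifupdown exports IFACE to both commands. iptables is an assumption; the
# thread does not name the packet filter. Rules are only printed unless APPLY=1.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Stage 1 (pre-up): no address yet, so match on the interface name only.
# DHCP replies (server port 67 -> client port 68) are the one exception.
lockdown_rules() {
    dev=$1
    run iptables -I INPUT  1 -i "$dev" -p udp --sport 67 --dport 68 -j ACCEPT
    run iptables -I INPUT  2 -i "$dev" -j DROP
    run iptables -I OUTPUT 1 -o "$dev" -p udp --sport 68 --dport 67 -j ACCEPT
    run iptables -I OUTPUT 2 -o "$dev" -j DROP
}

# Read `ip -4 -o addr show dev IFACE` output on stdin, print the first address.
parse_addr() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Stage 2 (up): the lease is known. Insert address-specific ACCEPT rules ahead
# of the stage-1 DROPs, which stay in place as the catch-all, so the interface
# is never left open between the two stages.
final_rules() {
    dev=$1 addr=$2
    if [ -z "$addr" ]; then
        echo "no IPv4 address on $dev; keeping lockdown rules" >&2
        return 1
    fi
    run iptables -I INPUT  2 -i "$dev" -d "$addr" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -I OUTPUT 2 -o "$dev" -s "$addr" -j ACCEPT
}

case "${1:-}" in
    lockdown) lockdown_rules "$IFACE" ;;
    final)    final_rules "$IFACE" "$(ip -4 -o addr show dev "$IFACE" | parse_addr)" ;;
esac
```

If the "final" stage finds no address it leaves the deny rules in place and returns non-zero, so a failed lease keeps the interface closed.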
