My ISP uses DHCP to allocate IP numbers, so currently every time
the IP changes, I have to manually change my firewall rules.

I've just been looking into the 'me' option for ipfw:

me      matches any IP address configured on an interface in the
        system.  The address list is evaluated at the time the
        packet is analysed.

Since the machine is a gateway, it has two network cards.  Will
'me' match *both* IP address or just the first one it comes
across?  I only really want it to match the IP address of the
external interface, not the internal one.




