Jonathan French wrote:
> I've been upgrading to 2.9.8/2.0.36, and I finally decided to try out
> Matthew Schalit's rc.pf script. I'd like to present to the developers
> what I worked out before I post to linuxrouter.org, to flush out any
> errors. I decided to figure out how to allow for dhcp, rc.pf and
> psentry to exist in harmony.
> Since dhclient-script is called when the IP address changes, it seems a
> natural place to call rc.pf.
dhcpcd uses /etc/dhcpcd/<something>-eth0.exe; hmmm.... since it's an
integral part of Oxygen (not an addon package) maybe I should.....
> So, in the BOUND and TIMEOUT sections, right after the gateway routing,
> I put a simple
> /etc/rc.pf start $new_dhcp_server_identifier $new_ip_address
>
> This way, every time the server or client dhcp address changes, it will
> get updated.
Why not use:
svi firewall restart
? This would allow several things: 1) firewall independence 2)
updates to other things if needed....
> I also realized, in paranoia, that if the IP address changes, portsentry
> wouldn't have the correct ignore ip address for the external nic, so in
> dhclient-script, after the rc.pf calls, I added:
> /etc/init.d/psentry stop
> rm /var/psentry/portsentry.ignore
> /etc/init.d/psentry start
>
> That forces psentry to make a new portsentry.ignore file.
Interesting!
Also, note here, that you can replace:
/etc/init.d/psentry stop
with:
svi psentry stop
...saves 8 bytes :-)
_______________________________________________
Leaf-devel mailing list
http://lists.sourceforge.net/lists/listinfo/leaf-devel
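
An added sketch (not code from this thread or from the LEAF project) of the hook described above: a function that dhclient-script could call in its BOUND and TIMEOUT sections, which validates the DHCP-supplied addresses before they reach rc.pf on a root command line, then restarts psentry so portsentry.ignore is rebuilt. The function names, the RUN and IGNORE_FILE variables and the return codes are assumptions; the command paths are the ones quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Command paths are the ones quoted above;
# RUN and IGNORE_FILE are hypothetical knobs (RUN=echo gives a dry run).
RUN=${RUN:-}
IGNORE_FILE=${IGNORE_FILE:-/var/psentry/portsentry.ignore}

# Strict dotted-quad check. The values come from the DHCP server and end up
# on a root command line, so anything but four 0-255 octets is refused.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# on_lease REASON NEW_IP SERVER_ID
# Returns 0 = firewall and psentry refreshed, 1 = bad input or rc.pf failed,
# 2 = reason not handled here.
on_lease() {
    reason=$1; new_ip=$2; server_id=$3
    case $reason in
        BOUND|TIMEOUT) ;;          # the two sections named in the thread
        *) return 2 ;;
    esac
    is_ipv4 "$new_ip" && is_ipv4 "$server_id" || return 1
    $RUN /etc/rc.pf start "$server_id" "$new_ip" || return 1
    # Per the thread, psentry writes a fresh ignore file when it starts.
    $RUN /etc/init.d/psentry stop
    $RUN rm -f "$IGNORE_FILE"
    $RUN /etc/init.d/psentry start
}
```

From dhclient-script it would be called as on_lease "$reason" "$new_ip_address" "$new_dhcp_server_identifier".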