James Carlson wrote:
> Glenn Brunette writes:
>
>> 1. Global Zone
>>
>>    - has two IP addresses:
>>      * public address obtained via DHCP (e1000g0)
>>      * private (crossbow) address (192.168.0.254)
>>
> [...]
>
>> 1. Global zone is unrestricted in communicating with public network.
>>
> [...]
>
>> The configuration in my last message does this. The only thing
>> that I had wanted to do was tighten the IPF rule associated with
>> #1 above (for the Global Zone). Since this is a DHCP issued
>> address, I would like a keyword to use that will be substituted
>> like (0/32 is in ipnat.conf).
>>
>
> I think "<thishost>" would work.
>
> I've never seen "0/32" used in ipnat.conf. It doesn't seem to be
> described in ipnet.conf.
>
> You'll probably need to talk with one of the IPF experts (when they
> come on line) about that.
>
Jim is both right and wrong.

The 0/32 isn't currently supported for ipnat.conf.
The "<thishost>" probably won't work.

What I'd recommend doing is adding something to dhcp bringing up/down
the link, using a shell script, that adds and removes the correct rules.

Darren
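
One way to carry out the suggestion above, as an added example that is not part of the thread: a hook script for the Solaris dhcpagent event hook (`/etc/dhcp/eventhook`, run with the interface and event name as arguments). The interface name, the rule text and the state-file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sketch of /etc/dhcp/eventhook, which
# dhcpagent runs as: eventhook <interface> <event>
# Assumed: interface name, rule text and state-file path (all hypothetical).
IFACE=${IFACE:-e1000g0}
STATE=${STATE:-/var/run/ipf-dhcp-$IFACE.rule}
IPF=${IPF:-/usr/sbin/ipf}

# Read `ifconfig <if>` output on stdin, print the first IPv4 address.
lease_addr() { awk '$1 == "inet" { print $2; exit }'; }

# Accept only a dotted quad with octets 0-255, so nothing else reaches ipf.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the rule that stands in for the unsupported 0/32 keyword.
build_rule() {
    valid_ipv4 "$1" || return 1
    printf 'pass out quick on %s from %s/32 to any keep state\n' "$IFACE" "$1"
}

# Remove the rule installed for the previous lease, if any.
remove_rule() {
    [ -s "$STATE" ] || return 0
    "$IPF" -r -f "$STATE" && rm -f "$STATE"
}

# Install the rule for address $1; a renewal with the same address is a no-op.
add_rule() {
    rule=$(build_rule "$1") || return 1
    if [ "$(cat "$STATE" 2>/dev/null)" = "$rule" ]; then return 0; fi
    remove_rule || return 1
    printf '%s\n' "$rule" > "$STATE" && "$IPF" -f "$STATE"
}

# $1 = interface, $2 = event, $3 = address (optional, else read from ifconfig)
handle_event() {
    [ "$1" = "$IFACE" ] || return 0
    case $2 in
        BOUND|EXTEND) add_rule "${3:-$(ifconfig "$IFACE" | lease_addr)}" ;;
        EXPIRE|DROP|RELEASE) remove_rule ;;
    esac
}

if [ $# -ge 2 ]; then handle_event "$@"; fi
```

Keeping the installed rule in a state file lets the hook remove exactly what it added when the lease changes or ends, so rules for old addresses do not accumulate.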
