[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Further exploration of DHCP and Packet Filter.

To: misc@openbsd.org
Subject: Further exploration of DHCP and Packet Filter.
From: Nick <nagray@austin.rr.com>
Date: Tue, 12 Mar 2002 15:54:22 -0600

All,

	In the effort to get as much out of a dhcp based vpn client. I am looking 
a some of my rules that I am using on the static ip machines and seeing how 
they apply. Anyone got any thoughts on this one. I think this is a great 
rule for the static machines. Since everything is natted this says dont let 
someone on the outside use me as a router. (At least that is the way I 
interpret this rule). Problem is that this will break on a reboot with a 
changed IP.
I would be nice to have a macro that says get the IP that is assigned to an 
interface and assign it to a variable. Anyone have any ideas??

Comments welcome.


## Let all traffic out through the outside interface using tcp, udp or icmp
pass out log quick on $ext_if proto udp from $ext_ip to any keep state
pass out log quick on $ext_if proto tcp from $ext_ip to any keep state
pass out log quick on $ext_if proto icmp from $ext_ip to any keep state
--
Vides Credendo!
Nick Gray
Senior Network Engineer
Bruzenak inc.
nagray@bruzenak.com

Prev by Date: Re: IDE
Next by Date: Re: NE3: device timeout
Prev by thread: Re: IDE
Next by thread: Cisco Aironet LMC342 and WEP
Index(es):
- Date
- Thread