Subject: Re: ipf problem
To: Torsten Sadowski <email@example.com>
From: Laine Stump <firstname.lastname@example.org>
Date: 09/15/2004 19:48:43
At 03:06 PM 9/15/2004, Torsten Sadowski wrote:
>Thank you for the insight. This mean for me I can't use this approach for
>the router itself because the IP is dynamic.
You have two choices (well, you probably have more, and probably better
than these, but these are the two that I've used):
1) You can use "any" for the local-side IP address. Especially for outgoing
connections, this really isn't a security problem (unless you are concerned
about someone logged into your router running a program that spoofs the
source IP of packets it sends out)
2) You can make a template file for your ipf.conf, and a short script that
runs when triggered by dhclient, and puts the new IP address into the
proper places in the template, then reloads ipf.
(ipnat will automatically replace 0/32 in its config with the current IP of
the interface being used. I don't know if ipf has a similar trick).