Subject: Re: NAT & IPFilter
To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-security
Date: 07/23/2001 18:20:28
On Sun, Jul 22, 2001 at 01:04:36PM -0700, Cy Schubert - ITSD Open Systems Group wrote:
> In message <3B5B2A4B.26D13E5E@miltonstreet.com>, Sam Carleton writes:
> > Ok, but how do I go about getting ipf -y to run whenever the machine gets a
> > new IP address?
>
> IIRC, you get your IP address through DHCP. You would have to put the
> ipf -y command in your dhclient-script script.
Well, this is probably what you meant, but the right place for this
is actually /etc/dhclient-exit-hooks.
(dhclient-script is designed to be modular. Whenever you think you
need to edit it, what you really need to do is overwrite a function
from it in /etc/dhclient-enter-hooks. Whenever you think you need to
tack something on the end of it, you really need to put that in
/etc/dhclient-exit-hooks.)
--
~ g r @ eclipsed.net