On Wed, Sep 24, 2003 at 05:51:56AM -0700, David Wolfskill wrote:
> >From: "Conrad J. Sabatier" <conrads_at_cox.net>
> >Subject: dhclient/ipfw conflict on boot
>
> >I just ran into this today after upgrading. It seems that dhclient is
> >unable to initialize properly at boot time, due to the prior initialization
> >of ipfw2 (default to deny policy). As all traffic is denied until my
> >firewall ruleset gets loaded (not until just after dhclient fails), it's
> >unable to communicate with my ISP's DHCP server.
>
> >This should be a quick and easy fix, right? :-)
>
> Well, my approach to a "quick and easy fix" is "Don't do that."
>
> For my laptop, I set up an ipfw specification that, on boot, only
> permitted DHCP traffic.
>
> Then in /etc/dhclient-exit-hooks, once I've got a lease, I invoke a
> different script that flushes the old rules and creates a new set, based
> on such things as my new IP address and the address of the DHCP server.
>
> Also in /etc/dhclient-exit-hooks, if it's invoked when dhclient is
> exiting (leaving the network), the script re-invokes the "default" ipfw
> script.

Interesting. I'll have to set up something like that here.

I was hoping that maybe it was because I had been forcing the ipfw module
to load from /boot/loader.conf. But disabling that didn't help. :-(

-- 
Conrad Sabatier <conrads_at_cox.net> - "In Unix veritas"

Received on Thu Sep 25 2003 - 02:11:40 UTC
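The two-ruleset arrangement described in the quoted reply above, as an added sketch that is not David Wolfskill's script or anything posted in the thread. The function names, rule numbers and the IPFW_APPLY switch are assumptions; $reason, $interface, $new_ip_address and $new_dhcp_server_identifier are the variables dhclient-script exports to its hooks. The lease values are validated before they reach a command line because they are supplied by whatever DHCP server answers.

```shell
# Added sketch for /etc/dhclient-exit-hooks. dhclient-script sets $reason,
# $interface, $new_ip_address and $new_dhcp_server_identifier, then sources
# this file. Rule numbers and the IPFW_APPLY switch are assumptions.

# Lease values arrive off the network: accept only dotted-quad IPv4.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ -n "$_o" ] && [ "$_o" -le 255 ] 2>/dev/null || return 1
    done
}

# Boot-time / left-the-network ruleset: loopback and DHCP only.
dhcp_only_rules() {   # $1 = interface
    echo "ipfw -q flush"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    echo "ipfw -q add 200 allow udp from any 68 to any 67 out via $1"
    echo "ipfw -q add 210 allow udp from any 67 to any 68 in via $1"
}

# Ruleset while a lease is held, keyed to our address and the DHCP server.
leased_rules() {      # $1 = interface, $2 = our address, $3 = DHCP server
    echo "ipfw -q flush"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    echo "ipfw -q add 200 allow udp from $2 68 to $3 67 out via $1"
    echo "ipfw -q add 210 allow udp from $3 67 to $2 68 in via $1"
    echo "ipfw -q add 300 check-state"
    echo "ipfw -q add 310 allow ip from $2 to any out via $1 keep-state"
}

# Print the ipfw commands for one dhclient event (nothing for other reasons).
hook_rules() {        # $1 = reason, $2 = interface, $3 = address, $4 = server
    case $1 in
        BOUND|RENEW|REBIND|REBOOT)
            if is_ipv4 "$3" && is_ipv4 "$4"; then
                leased_rules "$2" "$3" "$4"
            else
                dhcp_only_rules "$2"
            fi ;;
        EXPIRE|FAIL|RELEASE|STOP)
            dhcp_only_rules "$2" ;;
    esac
}

if [ "${IPFW_APPLY:-0}" = 1 ]; then   # hypothetical opt-in switch
    hook_rules "$reason" "$interface" "$new_ip_address" "$new_dhcp_server_identifier" | sh
fi
```

With IPFW_APPLY unset the file only defines the functions, so the generated rules can be reviewed by calling hook_rules by hand before anything touches the live ruleset.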