Re: dhclient/ipfw conflict on boot

From: Conrad J. Sabatier <conrads_at_cox.net>
Date: Thu, 25 Sep 2003 06:11:04 -0500
On Wed, Sep 24, 2003 at 05:51:56AM -0700, David Wolfskill wrote:
> >From: "Conrad J. Sabatier" <conrads_at_cox.net>
> >Subject: dhclient/ipfw conflict on boot
> 
> >I just ran into this today after upgrading.  It seems that dhclient is 
> >unable to initialize properly at boot time, due to the prior initialization 
> >of ipfw2 (default to deny policy).  As all traffic is denied until my 
> >firewall ruleset gets loaded (not until just after dhclient fails), it's 
> >unable to communicate with my ISP's DHCP server.
> 
> >This should be a quick and easy fix, right?  :-)
> 
> Well, my approach to a "quick and easy fix" is "Don't do that."
> 
> For my laptop, I set up an ipfw specification that, on boot, only
> permitted DHCP traffic.
> 
> Then in /etc/dhclient-exit-hooks, once I've got a lease, I invoke a
> different script that flushes the old rules and creates a new set, based
> on such things as my new IP address and the address of the DHCP server.
> 
> Also in /etc/dhclient-exit-hooks, if it's invoked when dhclient is
> exiting (leaving the network), the script re-invokes the "default" ipfw
> script.

Interesting.  I'll have to set up something like that here.

I was hoping that maybe it was because I had been forcing the ipfw module to 
load from /boot/loader.conf.  But disabling that didn't help.  :-(

-- 
Conrad Sabatier <conrads_at_cox.net> - "In Unix veritas"
Received on Thu Sep 25 2003 - 02:11:40 UTC
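
The two-ruleset arrangement described in the quoted reply, sketched as an added example (not code from either poster). The rule numbers, the allow-list and the interface names are assumptions; the variables read at the bottom are the ones ISC dhclient-script sets before sourcing /etc/dhclient-exit-hooks. Lease values arrive from the network, so they are validated before being placed in a command line.

```sh
#!/bin/sh
# Added example: body for /etc/dhclient-exit-hooks (sourced by dhclient-script).
# Rule numbers and the allow-list are assumptions, not the poster's ruleset.

# Accept only dotted-quad text; lease values come from the network and are
# interpolated into the commands below.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
    esac
    return 1
}

# Boot/default ruleset: nothing but the DHCP exchange on the interface.
boot_rules() {    # args: interface
    echo "ipfw -q flush"
    echo "ipfw -q add 100 allow udp from any 68 to any 67 out via $1"
    echo "ipfw -q add 110 allow udp from any 67 to any 68 in via $1"
}

# Leased ruleset: built from the new address and the DHCP server address.
lease_rules() {   # args: interface, client IP, DHCP server IP
    is_ipv4 "$2" && is_ipv4 "$3" || { boot_rules "$1"; return; }
    echo "ipfw -q flush"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    echo "ipfw -q add 200 check-state"
    echo "ipfw -q add 300 allow udp from $2 68 to $3 67 out via $1"
    echo "ipfw -q add 310 allow udp from $3 67 to $2 68 in via $1"
    echo "ipfw -q add 400 allow ip from $2 to any out via $1 keep-state"
}

# Map dhclient's $reason to a ruleset; other reasons print nothing.
rules_for() {     # args: reason, interface, client IP, DHCP server IP
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT) lease_rules "$2" "$3" "$4" ;;
        EXPIRE|FAIL|RELEASE|STOP|TIMEOUT) boot_rules "$2" ;;
    esac
}

# dhclient-script sets these variables before sourcing the hook file.
if [ -n "${reason:-}" ]; then
    rules_for "$reason" "$interface" "${new_ip_address:-}" \
        "${new_dhcp_server_identifier:-}" | sh
fi
```

With ipfw's default-to-deny policy, the flush at the top of each ruleset leaves a brief window in which all traffic is dropped until the following rules are added.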
