>Date: Wed, 24 Sep 2003 00:58:12 -0500 >From: "Conrad J. Sabatier" <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: dhclient/ipfw conflict on boot
>I just ran into this today after upgrading. It seems that dhclient is >unable to initialize properly at boot time, due to the prior initialization >of ipfw2 (default to deny policy). As all traffic is denied until my >firewall ruleset gets loaded (not until just after dhclient fails), it's >unable to communicate with my ISP's DHCP server. >This should be a quick and easy fix, right? :-) Well, my approach to a "quick and easy fix" is "Don't do that." For my laptop, I set up an ipfw specification that, on boot, only permitted DHCP traffic. Then in /etc/dhclient-exit-hooks, once I've got a lease, I invoke a different script that flushes the old rules and creates a new set, based on such things as my new IP address and the address of the DHCP server. Also in /etc/dhclient-exit-hooks, if it's invoked when dhclient is exiting (leaving the network), the script re-invokes the "default" ipfw script. Peace, david -- David H. Wolfskill [EMAIL PROTECTED] If you want true virus-protection for your PC, install a non-Microsoft OS on it. Plausible candidates include FreeBSD, Linux, NetBSD, OpenBSD, and Solaris (in alphabetical order). _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "[EMAIL PROTECTED]"
