freeradius and dynamic ip allocation
paul at freebsd-services.com
Thu May 29 14:33:33 BST 2003
On Wed, May 28, 2003 at 08:59:47PM +0100, Dimitrios wrote:
> On Wed, 28 May 2003 20:09:35 +0100 (BST) Aled Morris <aledm at qix.co.uk> wrote:
> > firewall_type="/etc/ipfw.rules"
> thats another way of using a custom file.
> i am not sure why there are two ways to do that,
> both firewall_type and firewall_script can be used.
> maybe backwards compatibility?
> though it does seem firewall_script is more direct,
> since firewall_type runs /etc/rc.firewall first.
I think I may have added this code, or perhaps I added the bit to run a
preprocessor, I forget.
Anyyway, originally there was just /etc/rc.firewall, which is a shell script. I
wanted to have all my firewall rules in a single file and just run ipfw
once to load that ruleset. I also wanted to run a preprocessor across
the file so you can do things like
add 100 allow all from myhost to somehost
and have the 'myhost' and 'somehost' be macros that are processed by the
The simplest way to integrate that into the pre-existing /etc/rc.firewall
script was, in the case of the type being unknown, check to see if the
type is actually a filename, in which case assume it's a ruleset file.
Tis a wise thing to know what is wanted, wiser still to know when
it has been achieved and wisest of all to know when it is unachievable
for then striving is folly. [Magician]
More information about the Ukfreebsd