freeradius and dynamic ip allocation

Paul Richards paul at
Thu May 29 14:33:33 BST 2003

On Wed, May 28, 2003 at 08:59:47PM +0100, Dimitrios wrote:
> On Wed, 28 May 2003 20:09:35 +0100 (BST) Aled Morris <aledm at> wrote:
> > 	firewall_type="/etc/ipfw.rules"
> thats another way of using a custom file.
> i am not sure why there are two ways to do that,
> both firewall_type and firewall_script can be used.
> maybe backwards compatibility?
> though it does seem firewall_script is more direct,
> since firewall_type runs /etc/rc.firewall first.

I think I may have added this code, or perhaps I added the bit to run a
preprocessor, I forget.

Anyyway, originally there was just /etc/rc.firewall, which is a shell script. I
wanted to have all my firewall rules in a single file and just run ipfw
once to load that ruleset. I also wanted to run a preprocessor across
the file so you can do things like

add 100 allow all from myhost to somehost

and have the 'myhost' and 'somehost' be macros that are processed by the

The simplest way to integrate that into the pre-existing /etc/rc.firewall
script was, in the case of the type being unknown, check to see if the
type is actually a filename, in which case assume it's a ruleset file.

Tis a wise thing to know what is wanted, wiser still to know when
it has been achieved and wisest of all to know when it is unachievable
for then striving is folly. [Magician]

More information about the Ukfreebsd mailing list