I prefer to use dhclient from ISC for my DHCP client. I have modified the RedHat /sbin/ifup and /sbin/ifdown scripts to use this program rather than pump. When using a dynamic address on my internet connection, these scripts and script changes seal off my external interface before the interface is started and reconfigure my firewall after I've obtained a changed IP address.
In /sbin/ifup, I have replaced:
if /sbin/pump $PUMPARGS -i $DEVICE
with:
if /sbin/dhclient $DEVICE; then
and in /sbin/ifdown, I have replaced:
/sbin/pump -r -i ${DEVICE}
with:
kill -TERM `cat /var/run/dhclient.pid`
Note that the "`" characters in the preceding line are back single quotes (upper left of your QWERTY keyboard).
I have created the file /etc/dhclient-enter-hooks which contains:
# PREINIT: dhclient is about to bring the interface up, so seal it off first.
if [ "x$reason" = xPREINIT ]; then
    /sbin/seawall stop
fi
and /etc/dhclient-exit-hooks which contains:
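# Act only once the local interface (eth1) is up.
if [ -n "`ifconfig eth1 | grep UP`" ]; then
    # Lease events that can assign or change the address.
    if [ "x$reason" = xBOUND ] || [ "x$reason" = xREBIND ] || \
       [ "x$reason" = xREBOOT ] || [ "x$reason" = xRENEW ]; then
        # Reconfigure if there was no old address, the address changed,
        # or the lease was freshly bound or re-acquired after a reboot.
        if [ "x$old_ip_address" = x ] || [ "x$old_ip_address" != "x$new_ip_address" ] || \
           [ "x$reason" = xBOUND ] || [ "x$reason" = xREBOOT ]; then
            # Restart if the seawall chains are already loaded; otherwise start.
            if [ -n "`ipchains -L -n | grep seawall`" ]; then
                /sbin/seawall restart
            else
                /sbin/seawall start
            fi
        fi
    fi
fi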
The interface using dhclient is eth0. I include the test for eth1 being up so that I don't try to start Seattle Firewall before my local interface is up. The rc.x entries created by chkconfig will take care of starting the firewall during boot.
Both the enter and exit hook files must be executable by root.
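Because dhclient's script runs both hook files as root, it is worth checking more than the execute bit. The following is an added example, not part of the original scripts: check_hook is a hypothetical helper name, and the ownership, symlink and write-permission checks are assumptions that go beyond the requirement stated above.

```shell
# check_hook FILE [EXPECTED_UID]
# Returns 0 if FILE is a regular file owned by EXPECTED_UID (default 0, root),
# executable by its owner, and not writable by group or other.
# Prints one line per problem found and returns 1 otherwise.
check_hook() {
    file=$1
    want_uid=${2:-0}
    bad=0

    if [ -L "$file" ]; then
        echo "$file: is a symlink; hook should be a regular file"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "$file: missing or not a regular file"
        return 1
    fi

    # ls -ldn prints: mode links uid gid ...  (numeric uid, portable across ls variants)
    read -r mode links uid rest <<EOF
$(ls -ldn "$file")
EOF

    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owned by uid $uid, expected $want_uid"
        bad=1
    fi
    case $mode in
        ???[xs]*) ;;                       # owner execute bit set
        *) echo "$file: not executable by owner"; bad=1 ;;
    esac
    case $mode in
        ?????w*) echo "$file: group-writable"; bad=1 ;;
    esac
    case $mode in
        ????????w*) echo "$file: world-writable"; bad=1 ;;
    esac
    return $bad
}

# Usage (as root):
#   check_hook /etc/dhclient-enter-hooks && check_hook /etc/dhclient-exit-hooks
```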
Last updated 5/7/2000 - Tom Eastep