Using pf.conf with public access points.
Joe Nosay
superbisquit at gmail.com
Tue Mar 11 00:41:44 UTC 2014
On Mon, Mar 10, 2014 at 7:57 PM, Jason Hellenthal <jhellenthal at dataix.net> wrote:
> I feel as if you are overthinking this project just a little.
>
> dhclient has nothing to do with the bssid.
> wlanX can be set up to use DHCP and for wep or wpa or open connections in
> rc.conf.
> You can't control others' firewalls, only your own, so why the worry about
> that?
>
>
> --
> Jason Hellenthal
> Voice: 95.30.17.6/616
> JJH48-ARIN
>
> On Mar 10, 2014, at 16:41, Joe Nosay <superbisquit at gmail.com> wrote:
>
>
>
>
> On Mon, Mar 10, 2014 at 2:56 PM, Jason Hellenthal <jhellenthal at dataix.net> wrote:
>
>> I nearly forgot all about that feature thank you for the reminder.
>>
>>
>> --
>> Jason Hellenthal
>> Voice: 95.30.17.6/616
>> JJH48-ARIN
>>
>> On Mar 10, 2014, at 10:20, Ermal Luçi <eri at freebsd.org> wrote:
>>
>> Usually pf(4) does support having dynamic ips inside its ruleset.
>> For example just putting the interface name as address or putting
>> $iface:0 for first address etc...
>>
>> Take a look at the man page of pf.conf and search for the string 'Interface
>> names and interface group names can'
>>
>>
>> On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal <jhellenthal at dataix.net> wrote:
>>
>>> You'll want to not use up addresses in your pf.conf
>>>
>>> Block on default and then open up by definition of ports instead. Forget
>>> the whole IPAddr thing and treat this as a roaming client firewall.
>>>
>>>
>>> --
>>> Jason Hellenthal
>>> Voice: 95.30.17.6/616
>>> JJH48-ARIN
>>>
>>> > On Mar 9, 2014, at 19:18, John-Mark Gurney <jmg at funkthat.com> wrote:
>>> >
>>> > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400:
>>> >> 2. How do I compensate for the use of public access points when the IP
>>> >> addresses will always be different?
>>> >
>>> > it doesn't appear that pf has this ability, but it looks like ipfw
>>> > has this, from ipfw(8):
>>> >     me      matches any IP address configured on an interface in the
>>> >             system.
>>> >
>>> > So, maybe switching to ipfw might be an option..
>>> >
>>> > --
>>> > John-Mark Gurney Voice: +1 415 225 5579
>>> >
>>> > "All that I will do, has been done, All that I have, has not."
>>> > _______________________________________________
>>> > freebsd-net at freebsd.org mailing list
>>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>>
>>
>>
>>
>> --
>> Ermal
>>
>>
>
> Has anyone thought about putting themselves in an environment similar to
> mine (not everything) when it comes to networking? You would have to set
> everything up with the following parameters:
> 1. Because you are at more than one place, you cannot set up wlanX or the
> wlandev in rc.conf. They must always be created after booting and logging
> in.
> 2. Dhclient cannot be automatic because a public access area may have more
> than one available bssid for connecting.
> 3. Since each public access will have different firewalls, streaming and
> web services may not be able to be run.
> 4. A script would probably work better than static settings in this case.
>
>
>
Apologies.
I am trying different ways of setting up jailed networking. After setting
up the sysctl variables and chrooting into the jail, the difficulty comes
in connecting. I am going to try what is suggested by the ezjail page and
see if that helps.
Stepping back, I see that I should enable wlan0 to be created in rc.conf
but not enable dhcp on it. Would that be the proper thing to do?
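
The advice quoted in this thread (block by default, open by port, and use the interface name in place of an IP address) can be sketched as a pf.conf for a roaming client. This is an added example, not a ruleset posted by anyone in the thread; the interface name wlan0 is taken from the thread, and the port lists are constructed for illustration.

```conf
# /etc/pf.conf -- roaming client sketch (added example, not from the thread)

# Assumption: wlan0 is the wireless interface, as mentioned in the thread.
ext_if  = "wlan0"

# Constructed port lists: only the outbound services this client needs.
tcp_out = "{ 22, 53, 80, 443 }"
udp_out = "{ 53, 123 }"

# Do not filter loopback traffic.
set skip on lo0

# Default deny in both directions; everything below is an explicit exception.
block all

# DHCP lease negotiation. The client has no address yet, so these rules
# match on ports only, never on an IP address.
pass out quick on $ext_if inet proto udp from any port 68 to any port 67
pass in  quick on $ext_if inet proto udp from any port 67 to any port 68

# Without parentheses, "from $ext_if" is resolved to the interface's
# address once, when the ruleset is loaded, and goes stale as soon as
# another access point hands out a different lease:
#   pass out on $ext_if inet proto tcp from $ext_if to any port $tcp_out
#
# With parentheses, pf updates the rule automatically whenever the
# interface changes its address, so no reload is needed per access point.
pass out on $ext_if inet proto tcp  from ($ext_if) to any port $tcp_out keep state
pass out on $ext_if inet proto udp  from ($ext_if) to any port $udp_out keep state
pass out on $ext_if inet proto icmp from ($ext_if) to any icmp-type echoreq keep state

# No "pass in" rules other than DHCP: replies to the connections above are
# admitted by state, and unsolicited traffic from the public network is dropped.
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset is applied.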