[Dnsmasq-discuss] command on DHCP release

Simon Kelley simon@thekelleys.org.uk
Tue, 26 Apr 2005 09:42:13 +0100

Csillag Kristóf wrote:
> Hi there!
> I would like to configure my firewall host (running dnsmasq) so that
> when all dhcp leases are released (meaning all inner hosts are down),
> the firewall itself goes down automagically.
> To do this, I could periodically check for alive hosts on the firewall
> box, but it would be much more convenient if dnsmasq could run a user
> configurable external command on DHCP events.
> What do you think?
> Could you please add this feature?
> Best wishes:
> 	Kristof Csillag

There was a patch submitted here a month or so ago which did this (and 
more - it calls out on every lease state change.)

One reason I'm equivocating about adding it to the dnsmasq mainline is 
that it requires dnsmasq to run as root in order that the external 
command can also run as root. Normally dnsmasq drops all root privs 
after startup.

I guess that's relevant for your application too. Do you gain more 
security from your dynamic firewall rules than you lose from having a 
network-exposed daemon running as root rather than as nobody?