Loading the PF ruleset fails due to ppp
Peter Jeremy
PeterJeremy at optushome.com.au
Tue Jun 8 19:48:57 GMT 2004
On Sun, 2004-Jun-06 12:46:09 +0200, Jonathan Weiss wrote:
>The problem is, that ppp is not fast enough for PF. PF is starting up before
>ppp gets an IP for tun0, so loading the ruleset fails. While using the
>PF-port, the time lag between starting ppp and PF was big enough, as PF was
>started whith the other third-party tools. With PF now in the basesystem, it
>is too fast for ppp.
...
>Could we add the "sleep 10" or maybe a "sleep 5" in this function? I'm sure
>when current become 5.3 I'll be not alone with my problem.
I disagree with this "solution". Whilst a 5 or 10 second sleep may work
for you today, it may not work tomorrow (when your ISP's servers are
a bit busier). It is unlikely to be appropriate for everyone.
It shouldn't be too difficult to force the rc.d scripts to synchronise
to the PPP link:
1) Create a "ppp.linkup" that creates a flag file somewhere
2) Create a rc.d script with "after ppp, before pf" (or whatever)
that waits for the flag file to appear (and then deletes it):
until [ -f /flag/file ] ; do sleep 1 ; done
(add error checking to suit)
--
Peter Jeremy
More information about the freebsd-current
mailing list