Loading the PF ruleset fails due to ppp

Peter Jeremy PeterJeremy at optushome.com.au
Tue Jun 8 19:48:57 GMT 2004

On Sun, 2004-Jun-06 12:46:09 +0200, Jonathan Weiss wrote:
>The problem is, that ppp is not fast enough for PF. PF is starting up before
>ppp gets an IP for tun0, so loading the ruleset fails. While using the
>PF-port, the time lag between starting ppp and PF was big enough, as PF was
>started whith the other third-party tools. With PF now in the basesystem, it
>is too fast for ppp.
>Could we add the "sleep 10" or maybe a "sleep 5" in this function? I'm sure
>when current become 5.3 I'll be not alone with my problem.

I disagree with this "solution".  Whilst a 5 or 10 second sleep may work
for you today, it may not work tomorrow (when your ISP's servers are
a bit busier).  It is unlikely to be appropriate for everyone.

It shouldn't be too difficult to force the rc.d scripts to synchronise
to the PPP link:
1) Create a "ppp.linkup" that creates a flag file somewhere
2) Create a rc.d script with "after ppp, before pf" (or whatever)
   that waits for the flag file to appear (and then deletes it):
	until [ -f /flag/file ] ; do sleep 1 ; done
   (add error checking to suit)
Peter Jeremy

More information about the freebsd-current mailing list