pf seems to start late?
Giorgos Keramidas
keramida at ceid.upatras.gr
Fri Mar 4 09:30:45 PST 2005
On 2005-03-04 18:41, Giorgos Keramidas <keramida at freebsd.org> wrote:
>On 2005-03-04 06:29, "J.D. Bronson" <jbronson at wixb.com> wrote:
>> Mar 4 06:15:11 sole kernel: Starting syslogd.
>> Mar 4 06:15:11 sole kernel: Mar 4 06:15:11 sole syslogd: kernel boot file is /boot/kernel/kernel
>> Mar 4 06:15:11 sole kernel: Starting named.
>> Mar 4 06:15:12 sole kernel: Setting date via ntp.
>> Mar 4 06:15:15 sole kernel: 4 Mar 06:15:15 ntpdate[345]: step time server x.x.x.x offset -0.534182 sec
>> Mar 4 06:15:15 sole kernel: Clearing /tmp.
>> Mar 4 06:15:16 sole kernel: ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
>> Mar 4 06:15:16 sole kernel: a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
>> Mar 4 06:15:16 sole kernel: Enabling pflogd
>> Mar 4 06:15:16 sole kernel: .
>> Mar 4 06:15:16 sole kernel: Mar 4 06:15:16 sole kernel: pflog0: promiscuous mode enabled
>> Mar 4 06:15:16 sole kernel: Enabling pf.
>> Mar 4 06:15:16 sole kernel: pf enabled
>>
>> Shouldn't PF start right after the interfaces come up? [...]
> [...]
> Can you try the following patch to your /etc/rc.d/pf script and tell me
> if it works for you or if it breaks anything important?
>
> %%%
> Index: pf
> ===================================================================
> RCS file: /home/ncvs/src/etc/rc.d/pf,v
> retrieving revision 1.6
> diff -u -r1.6 pf
> --- pf 25 Oct 2004 08:12:28 -0000 1.6
> +++ pf 4 Mar 2005 16:39:03 -0000
> @@ -5,7 +5,7 @@
>
> # PROVIDE: pf
> # REQUIRE: root mountcritlocal netif pflog
> -# BEFORE: DAEMON LOGIN
> +# BEFORE: netif
> # KEYWORD: nojail
>
> . /etc/rc.subr
> Index: pflog
> ===================================================================
> RCS file: /home/ncvs/src/etc/rc.d/pflog,v
> retrieving revision 1.5
> diff -u -r1.5 pflog
> --- pflog 16 Jan 2005 03:12:03 -0000 1.5
> +++ pflog 4 Mar 2005 16:40:21 -0000
> @@ -4,7 +4,7 @@
> #
>
> # PROVIDE: pflog
> -# REQUIRE: root mountcritlocal netif cleanvar
> +# REQUIRE: root mountcritlocal cleanvar
> # BEFORE: DAEMON LOGIN
> # KEYWORD: nojail
>
> %%%
Just in case anyone else tries using this, please try a version that
doesn't introduce a circular dependency of pf -> netif -> pf:
%%%
Index: pf
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/pf,v
retrieving revision 1.6
diff -u -r1.6 pf
--- pf 25 Oct 2004 08:12:28 -0000 1.6
+++ pf 4 Mar 2005 17:07:57 -0000
@@ -4,8 +4,8 @@
#
# PROVIDE: pf
-# REQUIRE: root mountcritlocal netif pflog
-# BEFORE: DAEMON LOGIN
+# REQUIRE: root mountcritlocal pflog
+# BEFORE: netif
# KEYWORD: nojail
. /etc/rc.subr
Index: pflog
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/pflog,v
retrieving revision 1.5
diff -u -r1.5 pflog
--- pflog 16 Jan 2005 03:12:03 -0000 1.5
+++ pflog 4 Mar 2005 17:09:37 -0000
@@ -4,8 +4,8 @@
#
# PROVIDE: pflog
-# REQUIRE: root mountcritlocal netif cleanvar
-# BEFORE: DAEMON LOGIN
+# REQUIRE: root mountcritlocal cleanvar
+# BEFORE: DAEMON LOGIN pf
# KEYWORD: nojail
. /etc/rc.subr
%%%
More information about the freebsd-questions
mailing list