fbsd 6.2 pf starts -- but not on boot
snowcrash+freebsd
schneecrash+freebsd at gmail.com
Mon Jun 4 22:37:26 UTC 2007
On 6/4/07, Volker <volker at vwsoft.com> wrote:
> without seeing your pf.conf ruleset,
happy to send/post if required/helpful ...
> I guess you're using a ppp
> connection to your upstream provider and firewalling on the tunX
> interface (using tun0 as $ext_if).
you're absolutely correct here.
> As FreeBSD boots up, this interface does not yet exist when pf is
> loaded.
clear.
> As soon as ppp is loaded and interface tun0 has been created,
> pf will happily load your ruleset.
aha. does that suggest that i'm simply not waiting long enough? your
following comments suggest otherwise, iiuc, that i need to proactively
_do_ something different ...
> The solution is to either have pf rules loaded late (later than ppp is
> started)
clearly, simply including pf-related items in rc.conf after
pppoe-related items is not sufficient.
i'll take a look at "rcorder" ... which i wasn't aware of at all. thanks!
> or use anchors and load ext rules into the anchor when the
> ppp interface is up.
i hadn't thought of using anchors in this fashion.
i'm off to google, but any good examples you can reference?
> The easier is to have the rules loading late
> (check using rcorder) but this may also fail if something goes wrong
> with ppp.
i /thought/ i'd dealt with the intfc/ppp/pf ordering issue, configuring,
cat /etc/ppp/ppp.linkup
------------------------------------
ppp1:
 ! sh -c "/sbin/pfctl -ef /usr/local/etc/pf/pf.conf"
 !bg sh -c "echo `/bin/date` `/etc/bin/ip` ppp.linkup >> /etc/ppp/log"
------------------------------------
cat /etc/ppp/ppp.linkdown
------------------------------------
ppp1:
 !bg route delete HISADDR ppp1
 !bg pfctl -F all -d
------------------------------------
cat /etc/ppp/ppp.conf
------------------------------------
default:
 set device PPPoE:sis1:
 set speed sync
 set ctsrts off
 set dial
 set login
 set cd 10
 set timeout 0
 set redial 0 0
 enable lqr
 set lqrperiod 20
 set log Phase tun command
 add default HISADDR
 enable tcpmssfixup
 disable dns
ppp1:
 set authname me at myisp.com
 set authkey ############
 set MRU 1492
 set MTU 1492
------------------------------------
are these NOT supposed to address/solve the problem? or are the configs wrong?
Mikhail Goriachev <mikhailg at webanoide.org>
> Just a shot in the dark. You are probably putting hostnames in your
> pf.conf instead of IPs. PF starts before Bind. So it can't resolve
> hostnames in the rules and hence doesn't start.
heh. a good call, but, i'd already made THAT mistake a month or so ago. ;-)
thanks though!
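As an added example (not from this thread or from the poster's configs), here is one way to implement the anchor approach Volker describes: a script that ppp.linkup can call, which loads the external-interface rules into a pf anchor only once the tun interface actually exists, and syntax-checks them before replacing the anchor. The anchor name `ext`, the file paths, the log file and the `ext_if` macro are assumptions; the base pf.conf loaded at boot would carry a matching `anchor "ext"` line, so the rules for the internal interfaces stay loaded regardless of the link state.

```shell
#!/bin/sh
# load_ext_rules.sh: load external-interface pf rules into an anchor once
# the ppp interface is up.  Assumed layout (not from the original post):
#   /usr/local/etc/pf/pf.conf   -- base ruleset loaded at boot, contains:
#                                  anchor "ext"
#   /usr/local/etc/pf/ext.conf  -- rules for $ext_if, loaded by this script
# Call from /etc/ppp/ppp.linkup as:
#   ppp1:
#    ! sh -c "/usr/local/etc/pf/load_ext_rules.sh tun0"
# Only the anchor is replaced, so the base ruleset protecting the other
# interfaces stays loaded and pf is never disabled on link changes.

ANCHOR="${ANCHOR:-ext}"
EXT_RULES="${EXT_RULES:-/usr/local/etc/pf/ext.conf}"
PF_LOG="${PF_LOG:-/etc/ppp/log}"

log() { echo "$(date) $*" >> "$PF_LOG"; }

# Return 0 if the named interface exists, 1 otherwise (ifconfig fails on a
# nonexistent interface, which is exactly the boot-time situation for tun0).
iface_exists() { ifconfig "$1" > /dev/null 2>&1; }

# load_ext_rules IFACE: load $EXT_RULES into the anchor with ext_if=IFACE.
# Exit codes: 0 loaded, 2 interface missing, 3 ruleset rejected by pfctl -n.
load_ext_rules() {
    iface="$1"
    if ! iface_exists "$iface"; then
        log "$iface does not exist yet; not loading anchor $ANCHOR"
        return 2
    fi
    # -n parses the rules without loading them; a typo must not leave the
    # anchor empty (the link unfiltered) after a successful link-up.
    if ! pfctl -n -D "ext_if=$iface" -f "$EXT_RULES" > /dev/null 2>&1; then
        log "syntax error in $EXT_RULES; anchor $ANCHOR left unchanged"
        return 3
    fi
    pfctl -a "$ANCHOR" -D "ext_if=$iface" -f "$EXT_RULES" > /dev/null 2>&1 || return 1
    log "loaded $EXT_RULES into anchor $ANCHOR for $iface"
    return 0
}

# flush_ext_rules: for ppp.linkdown, empty the anchor instead of 'pfctl -F all -d'.
flush_ext_rules() {
    pfctl -a "$ANCHOR" -F rules > /dev/null 2>&1 && log "flushed anchor $ANCHOR"
}

# When run as a script with an interface argument, load rules for it.
if [ $# -ge 1 ]; then load_ext_rules "$1"; fi
```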