How to get pf to wait for ng0

cpghost cpghost at cordula.ws
Sun Sep 20 20:53:02 UTC 2009


On Sat, Sep 19, 2009 at 10:30:14PM -0500, Sam Fourman Jr. wrote:
> Hello list,
> 
> I am trying to use FreeBSD 8 RC1 to set up L2 tunnels via mpd5.
> My problem is the pf.conf file is never parsed because ng0 does not
> exist yet on startup.
> 
> ng0 in this case is DSL PPPoE to our local telco for internet access.
> After the DSL dials up (via mpd5) if I do pfctl -d && pfctl -e -f
> /etc/pf.conf everything works as expected.
> 
> What is the best way to get pf to wait and parse the ruleset until
> after ng0 exists?

That old problem again... ;-)

My (somewhat shaky) workaround is this:

1. In /etc/rc.d/NETWORKING, add the line
     # REQUIRE: mpd

2. In /usr/local/etc/rc.d/mpd5, make sure the line
     # PROVIDE: mpd
   is present

3. In /usr/local/etc/rc.d/mpd5, add
     sleep 10
   at the bottom.

   (That's where my solution is shaky: 10 secs is more than enough
   for me on PPPoE, but it may not be enough for dial-up modems etc.)

4. In /etc/rc.d/pf, add NETWORKING to the # REQUIRE: line:
     # REQUIRE: FILESYSTEMS netif pflog pfsync NETWORKING

5. In /etc/rc.d/named, add NETWORKING to the # REQUIRE: line:
     # REQUIRE: SERVERS cleanvar NETWORKING

This setup will effectively run mpd5 *before* pf, and will
also wait (hopefully) long enough for mpd5 to set up ng0.
Then, when pf runs, ng0 will be already there.

Of course, there is more than one way to do it. It just happens
to work here.

> Sam Fourman Jr.

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
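
Added example, not part of the original post: the fixed `sleep 10` in step 3 can be replaced by a bounded poll that returns as soon as ng0 exists and reports failure if it never appears, so a boot without a loaded ruleset is visible in the logs. The function names and the 30-second timeout in the usage comment are assumptions; the pfctl command is the one from the question.

```sh
#!/bin/sh
# Added example (hypothetical helper names): wait for an interface with a
# timeout, then load the pf ruleset; report loudly if it never shows up.

# iface_exists NAME: ifconfig exits non-zero for a missing interface.
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# load_pf: enable pf and parse the ruleset, as in the original question.
load_pf() {
    pfctl -e -f /etc/pf.conf
}

# wait_for_iface NAME TIMEOUT_SECONDS [PROBE]
# Returns 0 as soon as "PROBE NAME" succeeds, 1 once TIMEOUT has elapsed.
wait_for_iface() {
    _iface=$1
    _timeout=$2
    _probe=${3:-iface_exists}
    _waited=0
    while ! "$_probe" "$_iface"; do
        if [ "$_waited" -ge "$_timeout" ]; then
            return 1
        fi
        sleep 1
        _waited=$((_waited + 1))
    done
    return 0
}

# pf_after_iface NAME TIMEOUT_SECONDS [PROBE] [LOADER]
# Runs LOADER only if the interface appeared; otherwise returns 1 and
# writes a message to stderr so the unfiltered state is not silent.
pf_after_iface() {
    _loader=${4:-load_pf}
    if wait_for_iface "$1" "$2" "${3:-iface_exists}"; then
        "$_loader"
    else
        echo "pf: $1 did not appear within ${2}s, ruleset NOT loaded" >&2
        return 1
    fi
}

# Usage in place of "sleep 10" (30 is an assumed timeout):
#   pf_after_iface ng0 30
```

The optional PROBE and LOADER arguments exist so the logic can be exercised on a machine without ng0 or pf.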

