Loading the PF ruleset fails due to ppp

Max Laier max at love2party.net
Tue Jun 8 20:20:54 GMT 2004

On Sunday 06 June 2004 12:46, Jonathan Weiss wrote:
> Hi folks,
> I updated my 5.2.1 box to current today und changed from the PF-port to the
> new base-PF. Everything went fine, but when I rebooted the box, it hangs
> when samba was starting up. The problem was, that samba could not bind to
> its ports due to the default pf rulesset being loaded (only ssh-in is
> allowed).
> The problem originates in the fact, that I have a DSl modem and pppd
> connects on startup. Because I get only a dynamic IP, I use such statements
> in my ruleset :
> pass  in  on $tun_if inet proto tcp from any to ($tun_if) port 22 flags
> S/SA modulate state label
> The ($tun_if) gives me the current IP of the tun0-interface and this is
> often used by users with dynamic Ips.
> The problem is, that ppp is not fast enough for PF. PF is starting up
> before ppp gets an IP for tun0, so loading the ruleset fails. While using
> the PF-port, the time lag between starting ppp and PF was big enough, as PF
> was started whith the other third-party tools. With PF now in the
> basesystem, it is too fast for ppp.
> Inserting a "sleep 10" in the pf_start()-function in /etc/rc.d/pf solved my
> problem, as PF waits 10 seconds before loading the ruleset and ppp now gets
> the dynamic IP in time.
> Could we add the "sleep 10" or maybe a "sleep 5" in this function? I'm sure
> when current become 5.3 I'll be not alone with my problem.

This problem will be solved once we import pf from OpenBSD 3.5 with the new 
interface handling. For ppp I suggest loading the ruleset from ppp.linkup 
instead of using the rc.d script for now.

Test the 3.5 import with the patchset from: http://people.freebsd.org/~mlaier/ 
Thanks ;)

Best regards,				| mlaier at freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier at EFnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040608/8e732a2f/attachment.bin

More information about the freebsd-current mailing list