Loading the PF ruleset fails due to ppp
max at love2party.net
Tue Jun 8 20:20:54 GMT 2004
On Sunday 06 June 2004 12:46, Jonathan Weiss wrote:
> Hi folks,
> I updated my 5.2.1 box to current today and changed from the PF-port to the
> new base-PF. Everything went fine, but when I rebooted the box, it hangs
> when samba was starting up. The problem was that samba could not bind to
> its ports due to the default pf ruleset being loaded (only ssh-in is
> The problem originates in the fact that I have a DSL modem and pppd
> connects on startup. Because I get only a dynamic IP, I use such statements
> in my ruleset:
> pass in on $tun_if inet proto tcp from any to ($tun_if) port 22 flags
> S/SA modulate state label
> The ($tun_if) gives me the current IP of the tun0-interface and this is
> often used by users with dynamic IPs.
> The problem is that ppp is not fast enough for PF. PF is starting up
> before ppp gets an IP for tun0, so loading the ruleset fails. While using
> the PF-port, the time lag between starting ppp and PF was big enough, as PF
> was started with the other third-party tools. With PF now in the
> base system, it is too fast for ppp.
> Inserting a "sleep 10" in the pf_start()-function in /etc/rc.d/pf solved my
> problem, as PF waits 10 seconds before loading the ruleset and ppp now gets
> the dynamic IP in time.
> Could we add the "sleep 10" or maybe a "sleep 5" in this function? I'm sure
> when current becomes 5.3 I'll not be alone with my problem.
This problem will be solved once we import pf from OpenBSD 3.5 with the new
interface handling. For ppp I suggest loading the ruleset from ppp.linkup
instead of using the rc.d script for now.
Test the 3.5 import with the patchset from: http://people.freebsd.org/~mlaier/
Best regards, | mlaier at freebsd.org
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier at EFnet
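
The race discussed in this thread, as an added example that is not part of either message and not code from /etc/rc.d/pf: instead of a fixed "sleep 10", poll with a bound until the ppp interface has an IPv4 address, and only then load the ruleset. The function names, the IFCONFIG and PF_RULES variables and the /etc/pf.conf path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: bounded wait for a ppp interface to get an IPv4 address
# before loading the pf ruleset. Helper names are hypothetical.

IFCONFIG=${IFCONFIG:-ifconfig}      # overridable so the logic can be exercised offline
PF_RULES=${PF_RULES:-/etc/pf.conf}  # assumed ruleset path

# Succeeds if ifconfig-style text on stdin contains an IPv4 "inet" line.
# "inet6" lines do not match because a space must follow "inet".
iface_has_inet() {
    grep -Eq '^[[:space:]]+inet [0-9]'
}

# wait_for_inet IFACE TIMEOUT_SECONDS
# Polls once per second; returns 0 as soon as IFACE has an address,
# 1 if TIMEOUT_SECONDS elapse first.
wait_for_inet() {
    iface=$1
    remaining=$2
    while :; do
        if $IFCONFIG "$iface" 2>/dev/null | iface_has_inet; then
            return 0
        fi
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}

# Load the ruleset only once ($tun_if) can be resolved; otherwise report
# the failure and return non-zero so the caller can react.
load_pf_when_ready() {
    if wait_for_inet "$1" "$2"; then
        pfctl -f "$PF_RULES"
    else
        echo "pf: $1 has no IPv4 address after $2s, ruleset not loaded" >&2
        return 1
    fi
}

# Example invocation: sh thisfile run tun0 30
if [ "${1:-}" = "run" ]; then
    load_pf_when_ready "${2:-tun0}" "${3:-10}"
fi
```

On timeout the function leaves whatever ruleset is already active in place and exits non-zero, so a boot script can log the failure rather than continue as if the real ruleset were loaded.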