rcorder for vpn-like tunnels during early rc.d startup

Eugene Grosbein eugen at grosbein.net
Sat Dec 22 18:29:12 UTC 2018


23.12.2018 1:22, Craig Leres wrote:

> On 12/22/18 7:18 AM, Eugene Grosbein wrote:
>> You should not try to make it start before packet filters, that is wrong
> 
> How should I handle the case where I start several openvpn tunnels and have references to them in my pf.conf? My solution was to write a rc.d script that gives a configured list of tun devices up to a minute to come up and then does a "service pf reload".

And this is the right thing to do :-)
I mean, if your filtering rules depend on an ever-changing list of interfaces,
just reconfigure the filter when the list changes
or better teach the filter to catch up with changes automatically, if possible.
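
A sketch of the wait-then-reload approach described in the quoted message, added here as an example and not the script from the thread. The function names, the overridable command variables, the existence-only check, and the choice to reload even after a timeout are assumptions.

```sh
#!/bin/sh
# Added example (not the rc.d script from the thread): wait for a list of
# tunnel interfaces, then reload pf. All names and defaults are assumptions.

# Commands are held in variables so they can be stubbed off a FreeBSD host.
: "${IFACE_PROBE:=ifconfig}"         # "ifconfig tun0" exits non-zero if tun0 does not exist
: "${PF_RELOAD:=service pf reload}"  # the reload command quoted in the thread
: "${SLEEP:=sleep}"

# Print the subset of the given interfaces that does not exist yet.
# This checks existence only, not the UP flag or an assigned address.
missing_ifaces() {
    for _if in "$@"; do
        $IFACE_PROBE "$_if" >/dev/null 2>&1 || printf '%s ' "$_if"
    done
}

# wait_for_tunnels TIMEOUT_SECONDS IFACE...
# Poll once a second until every interface exists or the timeout expires.
# Returns 0 if all appeared, 1 otherwise.
wait_for_tunnels() {
    _left=$1; shift
    while :; do
        _missing=$(missing_ifaces "$@")
        [ -z "$_missing" ] && return 0
        [ "$_left" -le 0 ] && break
        $SLEEP 1
        _left=$((_left - 1))
    done
    echo "still missing after timeout: $_missing" >&2
    return 1
}

# reload_pf_after_tunnels TIMEOUT_SECONDS IFACE...
# Reload pf once the tunnels exist. On timeout, reload anyway so rules for the
# tunnels that did appear take effect, but report the timeout to the caller.
# Returns 0 on success, 1 if some interface never appeared, 2 if the reload failed.
reload_pf_after_tunnels() {
    _rc=0
    wait_for_tunnels "$@" || _rc=$?
    $PF_RELOAD || return 2
    return "$_rc"
}
```

A caller would invoke it as `reload_pf_after_tunnels 60 tun0 tun1` and log a non-zero return, since a timeout means the filter was reloaded while some referenced tunnel was still absent.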




More information about the freebsd-hackers mailing list