when to start pfctl when using ng_one2many?
Jacob, Raymond A Jr
raymond.jacob at navy.mil
Sat Mar 11 19:50:23 UTC 2006
I am using ng_one2many to bundle interfaces togther into the interface ngeth0 with a script in /usr/local/etc/rc.d/. I am assuming
that I can not load the enable pf until ngeth0 is up? I can not figure out how to load ngeth0 in the kernel so all I have to do
is have a line with ifconfig_ngeth0="promisc up" in the /etc/rc.conf.
Questions:
1. Is it a good idea load pf with -d flag then write a script in /usr/local/etc/rc.d to start the firewall when all the interfaces are up?
or to set pf_flags = "" and have pf run from /etc/rc.d?
2. How should I handle the bundled interfaces? If there is no way to use /etc/network.subr or /etc/rc.d/netif?
Thank you,
Raymond
More information about the freebsd-pf
mailing list