***SPAM*** Re: New pf install on Freebsd7 seem to be a slow
starter.
Dennis
hideous at mail.ru
Thu Jul 10 10:15:36 UTC 2008
LJ> David DeSimone skrev:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Leslie Jensen <leslie at eskk.nu> wrote:
>>> # tables
>>> table <goodguys> { something.somewhere.com, somethingelse.somewhere.com,
>>> xxx.yyy.zzz.qqq }
>>
>> This looks like the problem. You have put hostnames in your pf.conf.
>> While this is supported, hostname lookups at boot time are problematic
>> because the network is just getting started. Nameservers are not always
>> immediately reachable, so these name lookups will stall out.
>>
>> I recommend you put IP addresses in your pf.conf so that it can be
>> loaded without waiting for a nameserver.
>>
>> Alternatively, put these hostnames (and IP's) in your /etc/hosts file.
LJ> Oh, I didn't know that! Can you tell me how to handle this?
LJ> The problem is these hosts are not fixed IP's so they use no-ip
LJ> (http://www.no-ip.com/) to provide a fixed address.
It's possible to populate the table after network initialized and all
other cervices are up. Just place empty table
table <goodguys> persist
in your pf.conf and
pfctl -t goodguys -T add \
something.somewhere.com \
somethingelse.somewhere.com \
xxx.yyy.zzz.qqq &
into your /etc/rc.local, so pf will start up without delays.
Regards,
Dennis
More information about the freebsd-pf
mailing list