pf/ppp timing problem at startup

cpghost cpghost at cordula.ws
Wed Feb 14 02:12:57 UTC 2007


I'm using ADSL to connect (using a static IP), and ppp(1)
needs some time (a few seconds) to initialize and configure
the tun(4) device. Parallel to this, pf(4) starts immediately,
and doesn't recognize ext_if (tun0), which is not yet ready.
As a result of this, pf shuts down again and there's no firewall.

As a workaround, I added a startup script to /usr/local/etc/rc.d
which would get invoked after the system scripts, sleep a few
seconds, and then run "/etc/rc.d/pf start" again. Alternatively,
I could also poll for tun0 there, but it's not really worth the
trouble.

Meddling with the existing /etc/rc.d startup scripts (ppp, pf)
to make sure pf is only started after tun0 is up and running
is not a good idea, because it would always appear in mergemaster
later.

So the question is: how can I change the timing, so that pf only
starts AFTER ppp has brought the interfaces up? There are some
keywords (REQUIRE, BEFORE etc...) in /etc/rc.d/* files, but I'm
not really sure if that would solve the problem.

Perhaps there's also some pf setting that would dynamically adjust
to tun0 once it appears?

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
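
The polling alternative mentioned in the post, written out as an added example that is not part of the original message: a local script that waits for the interface before starting pf and reports a timeout instead of leaving the host silently without a firewall. The variable and function names, the 30-second timeout, and the "interface has an IPv4 address" readiness test are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): poll for the ppp tunnel
# interface, then start pf. Meant for a local script under
# /usr/local/etc/rc.d, invoked with "start", so the stock
# /etc/rc.d/ppp and /etc/rc.d/pf files stay unmodified.

# Assumed settings; all overridable from the environment.
EXT_IF="${EXT_IF:-tun0}"                    # interface named in the post
WAIT_SECS="${WAIT_SECS:-30}"                # assumed upper bound on the wait
IF_PROBE="${IF_PROBE:-ifconfig}"            # "ifconfig tun0" fails until tun0 exists
PF_START="${PF_START:-/etc/rc.d/pf start}"  # command quoted in the post

# if_ready IFACE: true once the interface exists and carries an IPv4 address.
# The trailing space in 'inet ' keeps inet6-only output from matching.
if_ready() {
    $IF_PROBE "$1" 2>/dev/null | grep -q 'inet '
}

# wait_for_if IFACE SECONDS: poll once per second.
# Returns 0 when the interface is ready, 1 when the timeout expires.
wait_for_if() {
    _left="$2"
    while ! if_ready "$1"; do
        [ "$_left" -gt 0 ] || return 1
        sleep 1
        _left=$((_left - 1))
    done
    return 0
}

# start_pf_when_ready: start pf only after the interface is usable.
# On timeout, say so on stderr and return non-zero so the failure is visible.
start_pf_when_ready() {
    if wait_for_if "$EXT_IF" "$WAIT_SECS"; then
        $PF_START
    else
        echo "pf NOT started: $EXT_IF not ready after ${WAIT_SECS}s" >&2
        return 1
    fi
}

case "${1:-}" in
    start) start_pf_when_ready ;;
esac
```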


More information about the freebsd-questions mailing list