Delaying pf.conf loading
RW
fbsd06 at mlists.homeunix.com
Wed May 7 20:47:53 UTC 2008
On Thu, 8 May 2008 01:21:22 +0800
"Justin Jereza" <justinjereza at gmail.com> wrote:
> Hello.
>
> Is it possible to delay the loading of pf rules from pf.conf after ppp
> has connected and named is running through rc.conf?

What you probably need is to do a "pf resync"; rc.d/ppp already does
this, but too early for named. Doing it after named is running is
probably not sufficient as there is no guarantee that ppp has
established a network connection.

I wrote a script that waits until it can ping external hosts, and then
does a resync:

#!/bin/sh
#
# PROVIDE: networkwait
# REQUIRE: named
# BEFORE: ntpdate

. /etc/rc.subr

networkwait_enable=${networkwait_enable:-"NO"}
name="networkwait"
rcvar=`set_rcvar`
stop_cmd=":"
start_cmd="wait_network"

wait_network(){
    if [ "$networkwait_ping_hosts" ] ; then
        host_list="${networkwait_ping_hosts}"
    else
        # No hosts supplied - use external nameservers
        host_list=`awk '/^ *nameserver/ {print $2}' < /etc/resolv.conf |
            grep -E -v '^127\.0+\.0+\.0*1'`
    fi
    echo -n "Waiting for network access ... "
    while true ; do
        for inet_host in $host_list ; do
            # Discard both stdout and stderr from ping
            if ping -nc1 "$inet_host" > /dev/null 2>&1 ; then
                echo "ping to ${inet_host} succeeded."
                # Re-Sync ipfilter and pf in case
                # they had failed DNS lookups
                /etc/rc.d/ipfilter resync
                /etc/rc.d/pf resync
                exit 0
            fi
        done
        # Nothing reachable yet; retry in 5 seconds
        sleep 5
    done
}

load_rc_config ${name}
run_rc_command "$1"
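
A bounded variant of the wait loop in the script above, as an added example that is not part of the original post: it gives up after a fixed number of rounds and returns a failure status, so the caller can log that the resync was skipped instead of blocking boot indefinitely. The function names and the PROBE_CMD variable are assumptions introduced here.

```shell
#!/bin/sh
# Added example (hypothetical names): bounded wait before a pf/ipfilter resync.

# Print the non-loopback nameservers listed in a resolv.conf-style file.
external_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | grep -E -v '^(127\.|::1$)'
}

# wait_for_network MAX_TRIES DELAY HOST...
# Probes every host once per round with $PROBE_CMD (assumed default: ping -nc1).
# Prints the first reachable host and returns 0, or returns 1 when
# MAX_TRIES rounds pass without any host answering.
wait_for_network() {
    max_tries=$1
    delay=$2
    shift 2
    try=0
    while [ "$try" -lt "$max_tries" ]; do
        for h in "$@"; do
            if ${PROBE_CMD:-ping -nc1} "$h" > /dev/null 2>&1; then
                echo "$h"
                return 0
            fi
        done
        try=$((try + 1))
        # Sleep only between rounds, not after the last one.
        if [ "$try" -lt "$max_tries" ]; then
            sleep "$delay"
        fi
    done
    return 1
}
```

In an rc.d script the resync commands would run only when wait_for_network returns 0; on a non-zero return the rules that failed to load at boot are still not loaded, which is worth logging.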