A way to load PF rules at startup using OpenVPN

Panagiotis Atmatzidis atma at convalesco.org
Mon Jan 19 16:53:45 UTC 2015


Hello,

I'm trying to load my PF at system startup but am having issues after installing an OpenVPN server. The first approach I tried was via rc.conf, here is my configuration:

$ grep pf /etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pfstatd_enable="YES"
pflog_logfile="/var/log/pflog"

Theoretically this should be enough. However, PF doesn't load anything at boot. I have to do it manually. I added the following lines to '/etc/rc.local' and it worked for a couple of months:

$ grep pf /etc/rc.local
/sbin/pfctl -f /etc/pf.conf


Now this approach won't work either. This is a FreeBSD based VPS. Every time I reboot the VPS I have to manually log in and run 'pfctl -f /etc/pf.conf' to load the ruleset.

I think that this has something to do with the 'tun0' interface, which is the last thing that is loaded at boot. Probably PF runs before this, sees rules that it doesn't understand (related to tun0) and comes up short, then tun0 is loaded but it's too late.

Any ideas on how to solve this are welcomed!

Thanks

Panagiotis (atmosx) Atmatzidis

email:	atma at convalesco.org
URL:	http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5

"As you set out for Ithaca, hope the voyage is a long one, full of adventure, full of discovery [...]" - C. P. Cavafy
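The failure mode the post describes (a ruleset that names tun0 before OpenVPN has created it) can be checked for before pfctl is ever run, so the firewall fails closed onto a fallback ruleset instead of silently loading nothing. The following is an added example, not code from the post or from FreeBSD; the helper names are hypothetical, and the sample ruleset, macro names and interface names (vtnet0, tun0) are constructed.

```shell
# Added example, not from the original post: pre-flight check for the failure
# described above (pf.conf names tun0 before OpenVPN creates it); helper names are hypothetical.
# Interfaces a ruleset names via "on X" or "X:network", expanding simple
# one-value macros such as  vpn_if = "tun0"  defined in the same file.
pf_referenced_ifaces() {
    awk '
      /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=[ \t]*"[^"]*"/ {   # macro definition
          name = $0; sub(/[ \t]*=.*/, "", name)
          val = $0;  sub(/^[^"]*"/, "", val); sub(/".*/, "", val)
          macro[name] = val; next
      }
      /^[ \t]*(#|$)/ { next }                           # comment or blank
      {
          n = split($0, t, /[ \t(),:]+/)
          for (i = 1; i <= n; i++)
              if ((i > 1 && t[i-1] == "on") || (i < n && t[i+1] == "network")) {
                  x = t[i]; sub(/^\$/, "", x)          # strip macro sigil
                  if (x in macro) x = macro[x]
                  if (x != "") print x
              }
      }' "$1" | sort -u
}

# Referenced interfaces that do not exist yet; $2 overrides the live list
# (FreeBSD: ifconfig -l) so the check can run on any host.
pf_missing_ifaces() {
    _have=" ${2:-$(ifconfig -l 2>/dev/null)} "
    for _i in $(pf_referenced_ifaces "$1"); do
        case "$_have" in *" $_i "*) ;; *) printf '%s\n' "$_i" ;; esac
    done
}
# Fail closed: load $1 only if nothing is missing and it parses, else $2, a
# fallback ruleset that does not mention the VPN interface (needs root, pfctl).
pf_load_safely() {
    [ -z "$(pf_missing_ifaces "$1")" ] && pfctl -nf "$1" >/dev/null 2>&1 \
        && pfctl -f "$1" || pfctl -f "$2"
}

# Constructed sample ruleset resembling the poster's setup.
SAMPLE_CONF="${TMPDIR:-/tmp}/pf-sample.$$.conf"
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
ext_if = "vtnet0"
vpn_if = "tun0"
set skip on lo0
nat on $ext_if from $vpn_if:network to any -> ($ext_if)
pass in on $vpn_if from $vpn_if:network to any
EOF
pf_missing_ifaces "$SAMPLE_CONF" "vtnet0 lo0"   # before OpenVPN starts: tun0
```

Calling pf_load_safely /etc/pf.conf /etc/pf.fallback.conf from rc.local (or a late rc script) loads the full ruleset only once tun0 exists and the file parses, and a minimal ruleset otherwise.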
