A way to load PF rules at startup using OpenVPN

Maciej Suszko maciej at suszko.eu
Tue Jan 20 13:06:42 UTC 2015


On Tue, 20 Jan 2015 14:18:28 +0200
Panagiotis Atmatzidis <atma at convalesco.org> wrote:

[...]

> I resolved the issue by creating a devd conf file:
> 
> $ cat /etc/devd/tun.conf
> # Run PF when tun0 is up
> notify 0 {
> 	match "system"		"IFNET";
> 	match "subsystem"	"tun0";
> 	match "type"		"LINK_UP";
> 	action "/etc/rc.d/pf start";
> };
> 
> This file makes sure ‘pf’ is executed right after ‘tun0’ interface is UP, which happens at boot anyway since openvpn is started by ‘rc.conf’. You need to have ‘pf’ enabled in ‘rc.conf’ of course.
> 
> It works fine now on every reboot :-)

It just looks like a solution taken directly from the Linux world... If
we don't know why it's not working, let's put an rc script somewhere -
problem solved!

In my opinion, a properly created pf.conf has nothing to do with openvpn
- neither running nor stopped.

Post your pf.conf, pfctl -nvf /etc/pf.conf with tun0 present and
absent, look at dmesg -a, messages etc.

Just my 2 cents...
-- 
regards, Maciej Suszko.
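
An added example, not part of either message: a small Python check for one way a pf.conf can depend on tun0 existing when the rules are loaded. Per pf.conf(5), an interface name used as an address is translated to its IPs at load time unless it is written in parentheses. That this is what affected the original poster is an assumption, and the sample ruleset and function names are constructed.

```python
import re

ADDR_KEYWORDS = {"from", "to", "->"}   # an address specification follows these
MACRO_DEF = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*)"?')

def expand(text, macros):
    """Substitute $name with the value of an already defined macro."""
    return re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), text)

def load_time_iface_refs(pf_conf, iface):
    """Return [(lineno, token)] where `iface` is used as an address without
    parentheses, so pfctl must translate it to an IP when loading the rules."""
    macros, findings = {}, []
    for lineno, raw in enumerate(pf_conf.splitlines(), 1):
        line = raw.split("#", 1)[0]
        m = MACRO_DEF.match(line)
        if m:
            macros[m.group(1)] = expand(m.group(2).strip(), macros)
            continue
        state = None                      # None, "one" address, or "list" in { }
        for tok in re.findall(r"[{}]|[^\s{},]+", expand(line, macros)):
            if tok in ADDR_KEYWORDS:
                state = "one"
            elif state == "one" and tok == "{":
                state = "list"
            elif state == "list" and tok == "}":
                state = None
            elif state and tok != "!":
                # "(tun0)" and "(tun0:network)" are dynamic and never match here
                if tok.lstrip("!").split(":", 1)[0] == iface:
                    findings.append((lineno, tok))
                if state == "one":
                    state = None
    return findings

# Constructed sample ruleset (the poster's pf.conf is not on the page).
SAMPLE = """\
ext_if = "em0"
vpn_if = "tun0"
set skip on lo0
nat on $ext_if from $vpn_if:network to any -> ($ext_if)
block in all
pass in on $vpn_if from any to any
pass out on $ext_if from { ($vpn_if:network), 10.0.0.0/8 } to any
pass in on $ext_if proto udp from any to $ext_if port 1194
"""

if __name__ == "__main__":
    for lineno, tok in load_time_iface_refs(SAMPLE, "tun0"):
        print(f"line {lineno}: {tok} is resolved at load time; consider ({tok})")
```

Anything it reports is a candidate to compare against the `pfctl -nvf /etc/pf.conf` output with tun0 present and absent, as requested in the reply.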