impossible rc.d ordering problem with stf and pf ?

Max Laier max at love2party.net
Mon Jan 29 16:24:04 UTC 2007


On Monday 29 January 2007 13:02, Pete French wrote:
> > 1) You use the interface name as address w/o dynamic lookup.
> > i.e. "... from stf0 ..."
>
> Yes, that's it - I hadn't come across this 'dynamic lookup' thing before
> though, so I didn't realise what it was. I still can't find it in the PF
> manual, aside from a reference that you need to do it for NAT.
>
> > To 1 and 2 there is a simple solution: Don't do that then!  1 can
> > easily be defused by adding parentheses. i.e. "... from (stf0)
> > ...".
>
> 	pass out on (stf0) inet6 from any to any keep state

No, that's a misunderstanding.  The "on ifnX" part stays untouched.

> Gives me a syntax error when I try and load it with pfctl. If I change
> it to:
>
> 	pass out on stf0 inet6 from any to any keep state
>
> Then it works loading it with pfctl, but now does not work at boot due
> to the lack of stf0 interface. :-(

That's strange.  Works here without a problem:

# ifconfig -l
fxp0 bge0 bge1 lo0 pflog0

No stf0 interface.

# echo "pass out on stf0 inet6 from any to any keep state" | pfctl -vf-
pass out on stf0 inet6 all keep state

Still, rule loaded without problems ...

The "(ifnX)" syntax is only for places where you use the interface as an 
address.  The "on ifnX" part stays unchanged in any case and it does not 
matter if the interface exists already or not.

What version are you using again?  My tests are with 6.2

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
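
The following Python check is an added example, not part of the original message and not pf or FreeBSD code. It lints pf rule lines for the two mistakes discussed in this thread: parentheses after "on", and a bare interface name used as a from/to address for an interface that may not exist at boot. The function names, the finding labels and the late_ifaces set are assumptions, and the tokenizer covers only plain rules and { } lists.

```python
import re

# Splits a pf rule into words, "(...)" groups and list punctuation.
TOKEN = re.compile(r"\([^)]*\)|[{},!]|[^\s{},!()]+")

def lint_pf_rule(rule, late_ifaces):
    """Return (kind, token) findings for one rule line.

    late_ifaces: interfaces that may not exist yet when pf loads at boot
    (caller-supplied assumption, e.g. {"stf0"}).
    """
    findings, ctx, depth = [], None, 0
    for tok in TOKEN.findall(rule.split("#", 1)[0]):   # ignore comments
        if depth == 0 and tok in ("on", "from", "to"):
            ctx = tok                  # next name belongs to this keyword
        elif ctx is None or tok in (",", "!"):
            continue
        elif tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            ctx = ctx if depth else None
        else:
            dynamic = tok.startswith("(")
            name = tok.strip("()").split(":")[0]   # drop modifiers such as :network
            if name in late_ifaces:
                if ctx == "on" and dynamic:
                    findings.append(("paren-after-on", tok))    # pfctl syntax error
                elif ctx != "on" and not dynamic:
                    findings.append(("static-address", tok))    # needs (ifnX)
            if depth == 0:
                ctx = None             # a single address ends the context
    return findings

def lint_ruleset(text, late_ifaces):
    """Lint every line; returns (line_number, kind, token) tuples."""
    return [(n, kind, tok)
            for n, line in enumerate(text.splitlines(), 1)
            for kind, tok in lint_pf_rule(line, late_ifaces)]

# Constructed sample ruleset; only the first two rules appear in the thread.
SAMPLE = """\
pass out on stf0 inet6 from any to any keep state
pass out on (stf0) inet6 from any to any keep state
pass out on stf0 inet6 from stf0 to any keep state
pass out on stf0 inet6 from (stf0) to any keep state
pass in on fxp0 inet6 from any to { stf0, (stf0:network) }
"""

if __name__ == "__main__":
    for finding in lint_ruleset(SAMPLE, {"stf0"}):
        print(finding)
```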