From: Craig Leres
Date: Thu, 27 Dec 2018 06:20:47 -0800
To: Willem Jan Withagen, Eugene Grosbein, Dave Cottlehuber, freebsd-hackers@freebsd.org
Subject: Re: rcorder for vpn-like tunnels during early rc.d startup

On 12/27/18 3:09 AM, Willem Jan Withagen wrote:
> Might want to use the ifup/ifdown scripts to add the specifics for the
> VPN that just came up. Tricky part is how to get things in the tables at
> the right place.

That's a pretty good idea. After I wrote the working "additional rc.d script" solution I learned about ifup/ifdown scripts which seems cleaner but never went back to try that method.

> So with IPFW I use specific line numbers reserved to insert certain
> rules. (using counter rules to split the fw code into blocks)

(I like pf and really don't want to go back to ipfw.)

Craig