Date:      Sun, 23 Dec 2018 01:28:47 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        Craig Leres <leres@freebsd.org>, Dave Cottlehuber <dch@skunkwerks.at>, freebsd-hackers@freebsd.org
Subject:   Re: rcorder for vpn-like tunnels during early rc.d startup
Message-ID:  <8a8c6e8e-4781-9e03-36cf-b7974cb719bc@grosbein.net>
In-Reply-To: <b86faac8-9428-7935-6444-a9a1ac032250@freebsd.org>
References:  <1545487265.3497867.1616158504.69E513B4@webmail.messagingengine.com> <f9a31f17-0e5f-265a-60ac-010e0c16bc22@grosbein.net> <b86faac8-9428-7935-6444-a9a1ac032250@freebsd.org>

23.12.2018 1:22, Craig Leres wrote:

> On 12/22/18 7:18 AM, Eugene Grosbein wrote:
>> You should not try to make it start before packet filters, that is wrong
> 
> How should I handle the case where I start several openvpn tunnels and have references to them in my pf.conf? My solution was to write an rc.d script that gives a configured list of tun devices up to a minute to come up and then does a "service pf reload".

And this is the right thing to do :-)
I mean, if your filtering rules depend on an ever-changing list of interfaces,
just reconfigure the filter when the list changes
or better teach the filter to catch up with changes automatically, if possible.
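
An added example, not code from this thread or from FreeBSD: one way to write the wait-then-reload step described above as POSIX sh functions that an rc.d script could call. The function names, the one-second poll, the existence-only probe, and the choice to keep the boot-time ruleset when a tunnel never appears are assumptions of this example.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# Probe one interface. ifconfig exits non-zero when it does not exist.
# Assumption: "exists" is enough; this does not check the UP flag.
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# Reload the pf ruleset (the command quoted in the thread).
reload_filter() {
    service pf reload
}

# Pause between polls.
poll_sleep() {
    sleep 1
}

# wait_for_ifaces TRIES IF...
# Polls until every listed interface exists or TRIES pauses have elapsed.
# Leaves the names still absent in MISSING; returns 0 only if none are.
wait_for_ifaces() {
    _tries=$1; shift
    MISSING="$*"
    while :; do
        _still=""
        for _if in $MISSING; do
            iface_exists "$_if" || _still="${_still:+$_still }$_if"
        done
        MISSING=$_still
        [ -z "$MISSING" ] && return 0
        [ "$_tries" -le 0 ] && return 1
        _tries=$((_tries - 1))
        poll_sleep
    done
}

# sync_filter TRIES IF...
# Reloads pf exactly once, and only after all tunnels are present.
# On timeout the ruleset loaded at boot stays in force and the
# missing interfaces are reported instead of being silently ignored.
sync_filter() {
    if wait_for_ifaces "$@"; then
        reload_filter
    else
        echo "pf not reloaded, interfaces missing: $MISSING" >&2
        return 1
    fi
}
# Usage from a start routine: sync_filter 60 tun0 tun1
```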