From owner-freebsd-current@FreeBSD.ORG  Mon May 12 12:51:07 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 0C3FB7B1;
 Mon, 12 May 2014 12:51:07 +0000 (UTC)
Received: from mail.feld.me (mail.feld.me [66.170.3.6])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.feld.me", Issuer "Gandi Standard SSL CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id AE62A2288;
 Mon, 12 May 2014 12:51:06 +0000 (UTC)
Received: from mail.feld.me (mail.feld.me [66.170.3.6]);
 by mail.feld.me (OpenSMTPD) with ESMTP id c76f5865;
 Mon, 12 May 2014 07:50:56 -0500 (CDT)
Received: from feld@feld.me by mail.feld.me (Archiveopteryx 3.2.0) with
 esmtpa id 1399899055-4152-4150/5/3; Mon, 12 May 2014 12:50:55 +0000
Content-Type: text/plain
Mime-Version: 1.0
Subject: Re: Ordering for network-sensitive rc scripts
From: Mark Felder <feld@FreeBSD.org>
In-Reply-To: <DA602ED0-ECBC-4A3D-8F1B-9CB80EDE12B5@FreeBSD.org>
Date: Mon, 12 May 2014 07:50:54 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <10A1433E-80EA-4AF4-BC38-B03D742E0D97@FreeBSD.org>
References: <DA602ED0-ECBC-4A3D-8F1B-9CB80EDE12B5@FreeBSD.org>
To: David Chisnall <theraven@freebsd.org>
X-Mailer: Apple Mail (2.1874)
Sender: feld@feld.me
Cc: "FreeBSD-CURRENT@freebsd.org Current" <freebsd-current@freebsd.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 May 2014 12:51:07 -0000


On Apr 17, 2014, at 3:21, David Chisnall <theraven@FreeBSD.org> wrote:

> Hi all,
>=20
> For a little while, I've had an issue with the machine that sits on =
the edge of my network deciding to start avahi as soon as a network is =
available, meaning that it then runs mDNS advertisements on the external =
interface and not the wireless one, requiring a manual restart once the =
machine boots.  I'm now seeing something similar with pf - it manages to =
start before the external interface comes up and so silently ignores all =
of the rules for routing packets off the network.
>=20
> Do we have a mechanism for stating that certain services should not be =
started until ALL of the interfaces are up, rather than just the first =
one?  Or even of restarting them when a new network appears?
>=20

I always thought the proper solution here was pf's built-in keywords =
"egress" and "ingress" interface names so you don't have to specify =
interface names that may or may not exist at the time the pf rules load.