From: Max Laier
To: freebsd-current@freebsd.org
Cc: Jonathan Weiss
Date: Tue, 8 Jun 2004 22:21:36 +0200
Subject: Re: Loading the PF ruleset fails due to ppp
Message-Id: <200406082221.45103.max@love2party.net>

On Sunday 06 June 2004 12:46, Jonathan Weiss wrote:
> Hi folks,
>
> I updated my 5.2.1 box to current today and changed from the PF-port to the
> new base-PF.
> Everything went fine, but when I rebooted the box, it hung when samba was
> starting up. The problem was that samba could not bind to its ports due to
> the default pf ruleset being loaded (only ssh-in is allowed).
>
> The problem originates in the fact that I have a DSL modem and pppd
> connects on startup. Because I get only a dynamic IP, I use such statements
> in my ruleset:
>
>   pass in on $tun_if inet proto tcp from any to ($tun_if) port 22 flags S/SA modulate state label
>
> The ($tun_if) gives me the current IP of the tun0-interface and this is
> often used by users with dynamic IPs.
>
> The problem is that ppp is not fast enough for PF. PF is starting up
> before ppp gets an IP for tun0, so loading the ruleset fails. While using
> the PF-port, the time lag between starting ppp and PF was big enough, as PF
> was started with the other third-party tools. With PF now in the
> base system, it is too fast for ppp.
>
> Inserting a "sleep 10" in the pf_start()-function in /etc/rc.d/pf solved my
> problem, as PF waits 10 seconds before loading the ruleset and ppp now gets
> the dynamic IP in time.
>
> Could we add the "sleep 10" or maybe a "sleep 5" in this function? I'm sure
> when current becomes 5.3 I'll not be alone with my problem.

This problem will be solved once we import pf from OpenBSD 3.5 with the new
interface handling. For ppp I suggest loading the ruleset from ppp.linkup
instead of using the rc.d script for now.

Test the 3.5 import with the patchset from: http://people.freebsd.org/~mlaier/

Thanks ;)

-- 
Best regards,                      | mlaier@freebsd.org
Max Laier                          | ICQ #67774661
http://pf4freebsd.love2party.net/  | mlaier@EFnet
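
A bounded wait as an alternative to the fixed "sleep 10" discussed in the thread, shown as an added example that is not part of the original message or of /etc/rc.d/pf. The interface name tun0, the path /etc/pf.conf and all function names are assumptions; on timeout nothing is loaded and the caller gets a non-zero status to act on.

```shell
#!/bin/sh
# Added example, not from the thread or from /etc/rc.d/pf.
# Assumed names: tun0, /etc/pf.conf; all function names are hypothetical.

# Succeeds if the ifconfig output on stdin contains an IPv4 ("inet") line.
# "inet6" lines do not match because the pattern requires "inet " + digit.
iface_has_inet() {
    grep -Eq '^[[:space:]]+inet [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
}

# wait_for_inet PROBE TRIES [INTERVAL]
# Runs PROBE (a command printing ifconfig-style output) up to TRIES times,
# INTERVAL seconds apart, and returns 0 as soon as an IPv4 address shows up.
wait_for_inet() {
    probe=$1
    tries=$2
    interval=${3:-1}
    while [ "$tries" -gt 0 ]; do
        if $probe 2>/dev/null | iface_has_inet; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then
            sleep "$interval"
        fi
    done
    return 1
}

# load_pf_when_ready IFACE RULES TRIES
# Loads RULES only once IFACE has an IPv4 address, which is the condition the
# thread says was missing when the ruleset failed to load at boot.
load_pf_when_ready() {
    if wait_for_inet "ifconfig $1" "$3"; then
        pfctl -f "$2"
    else
        echo "pf: $1 has no IPv4 address, ruleset $2 not loaded" >&2
        return 1
    fi
}

# Example call from a boot script (commented out so sourcing has no effect):
# load_pf_when_ready tun0 /etc/pf.conf 10
```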