From: Tom Czarnik
Date: Mon, 01 Jan 2001 13:12:35 -0800
To: Gerhard Sittig
Cc: FreeBSD Security
Subject: Re: IPFilter and new rc.conf scripts
Message-ID: <3A50F2C3.BFCB550E@athms.com>

Gerhard Sittig wrote:
>
> On Sun, Dec 31, 2000 at 19:40 -0800, echelon wrote:
> >
> > PR conf/22859 explains why ipf can't work on tun0
> > after reboot. So the ad-hoc solution is to put "ipf
> > -y" in /etc/ppp/ppp.linkup.
>
> "ipf -y" is what you need in ppp.linkup -- as well as in
> ppp.linkdown -- anyway as soon as you have dynamic IP addresses
> on your tun* interfaces. So I wouldn't call this just "ad hoc"
> but more "given almost by default and necessity". :) This will
> make the 0.0.0.0/32 address in your rules work very much like
> MYADDR in ppp(8) syntax does.

Let me reiterate that the problem of IPF needing a resync affects
BOTH tun and interfaces loaded as modules. It needs to be fixed in
rc.network for both conditions, and only in ppp.linkup/down if you
are using a dynamic address.