From: Bruce Cran
To: Volker
Cc: Jeremy Chadwick, freebsd-stable@freebsd.org, freebsd-pf@freebsd.org
Date: Sat, 4 Oct 2008 00:22:29 +0100
Subject: Re: pf rules not being loaded during boot on 7.1-PRERELEASE
Message-ID: <20081004002229.7089be9c@tau.draftnet>
In-Reply-To: <48E69F6D.5050001@vwsoft.com>

On Sat, 04 Oct 2008 00:40:45 +0200 Volker wrote:

> You seem to have a rule like:
>
> pass ... on tun0 from any to tun0 ...
>
> If you change that into:
>
> pass ... on tun0 from any to (tun0) ...
>
> pf will happily parse your rules and activate your firewall even while
> tun0 does not already have an IP address. You may also try to use
> rules naming an interface family instead of a single interface.

You're right - I mostly used lines with (tun0) but line 45 didn't have
the brackets. I've just added them, rebooted and pf loaded the rules
during boot.

-- 
Bruce Cran
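
An added example, not part of the original thread: a small Python lint that looks for the kind of rule discussed above, where an interface such as tun0 is used as an address without parentheses, so the ruleset cannot load until that interface has an IP. The function name, the sample ruleset and the choice of tun0 as the dynamic interface are assumptions, and the matching is a token heuristic, not pf's own parser.

```python
import re

MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"?([^"]*?)"?\s*$')
MACRO_USE = re.compile(r'\$([A-Za-z_]\w*)')

def find_bare_interface_addrs(pf_conf, dynamic_ifaces):
    """Return [(line_no, iface)] for rules that use a dynamic interface as an
    address without parentheses, i.e. pf needs its IP when the rules load."""
    if not dynamic_ifaces:
        return []
    names = "|".join(re.escape(n) for n in sorted(dynamic_ifaces))
    # Matches tun0, !tun0, tun0:network, tun0/24 but never (tun0).
    bare = re.compile(r'^!?(%s)(?::\w+)*(?:/\d+)?$' % names)
    macros, findings = {}, []
    for line_no, raw in enumerate(pf_conf.splitlines(), 1):
        line = raw.split("#", 1)[0]               # drop comments
        m = MACRO_DEF.match(line)
        if m:                                     # remember macro, e.g. vpn_if = "tun0"
            macros[m.group(1)] = m.group(2)
            continue
        line = MACRO_USE.sub(lambda u: macros.get(u.group(1), u.group(0)), line)
        # Normalise "( tun0 )" to "(tun0)" so it stays one token.
        line = re.sub(r'\(\s*|\s*\)', lambda p: p.group(0).strip(), line)
        tokens = re.sub(r'[{},]', ' ', line).split()
        # "on tun0" names an interface and is fine; only the address
        # positions from the first from/to keyword onward are checked.
        start = next((i for i, t in enumerate(tokens) if t in ("from", "to")), None)
        if start is None:
            continue
        for tok in tokens[start + 1:]:
            hit = bare.match(tok)
            if hit:
                findings.append((line_no, hit.group(1)))
    return findings

# Constructed sample ruleset (not from the thread).
SAMPLE = "\n".join([
    'vpn_if = "tun0"',
    'set skip on lo0',
    'block in all',
    'pass in on tun0 proto tcp from any to (tun0) port 22',
    'pass in on tun0 proto udp from any to tun0 port 53   # bare address',
    'pass out on $vpn_if from $vpn_if:network to any      # bare via macro',
    'pass out on $vpn_if from ($vpn_if) to any',
])

if __name__ == "__main__":
    for line_no, iface in find_bare_interface_addrs(SAMPLE, {"tun0"}):
        print("line %d: %s used as an address without parentheses" % (line_no, iface))
```

Running it against a real pf.conf before a reboot points at the offending line numbers, which is faster than finding out at boot that the ruleset was rejected.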