Date: Thu, 16 Sep 2004 03:58:04 -0000
From: Max Laier <max@love2party.net>
To: pf4freebsd@freelists.org
Cc: DrumFire <dpphln@tin.it>
Subject: [pf4freebsd] Re: Problem with pf and ng0 interface.
Message-ID: <200312102015.42768.max@love2party.net>
In-Reply-To: <20031210184630.29a41d83.dpphln@tin.it>
References: <20031210184630.29a41d83.dpphln@tin.it>

On Wednesday 10 December 2003 19:46, DrumFire wrote:
> pass in quick on { rl0,rl2,ng0 } proto tcp from $myIP to any keep state
>
> If I try to load pf.conf with this rule, when mpd is not active, pf
> gives me a syntax error:
>
> /usr/local/etc/pf.conf:14: unknow interface ng0
>
> How can I load pf.conf also without having the mpd program loaded?
>
> Because I don't want to load mpd at boot each time.

I am afraid it is (currently) not possible to load rules for nonexistent
interfaces.

> With ipfw2 if I add a rule with an interface that doesn't exist, the rule is
> loaded however and when the interface becomes active, then the rule is
> processed.

Note that there is a very basic difference between pf and ipfw in this point:
pf optimizes the ruleset upon load. For this purpose it needs to know some
information about the interface(s). ipfw evaluates thru the complete ruleset
every time (w/o manual optimization), hence it doesn't need to know much when
it loads the ruleset.

> How can I solve this problem with pf?

Create ng0 before loading the ruleset or load your ruleset depending on ng0
(e.g. if ifconfig -a | grep ng0; then pfctl -ef pf1; else pfctl -ef pf2; fi)

Note that the above rule doesn't seem to make much sense as long as $myIP is what
it claims to be (a local ip-address). Traffic "from $myIP" will always come
via lo0, not via the network interface it is attached to.

-- 
Best regards,                      | max@love2party.net
Max Laier                          | ICQ #67774661
http://pf4freebsd.love2party.net/  | mlaier@EFnet #DragonFlyBSD
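
The second suggestion in the reply (load a different ruleset depending on whether ng0 exists), as an added example that is not part of the original message: it matches the interface name exactly rather than by substring, and parse-checks the chosen file with `pfctl -n` before loading it, so a bad file does not replace the running ruleset. The function names and the `PF_APPLY` switch are hypothetical; `pf1` and `pf2` are the file names used in the reply.

```shell
#!/bin/sh
# Added example: pick a pf ruleset by interface presence, then load it.
# Function names and PF_APPLY are hypothetical; pf1/pf2 come from the reply.

# iface_present NAME "LIST"
# Succeeds only on an exact match of NAME in a whitespace-separated list,
# such as the output of `ifconfig -l`. A plain `grep ng0` would also match
# any line that merely contains the string "ng0".
iface_present() {
    for _i in $2; do
        [ "$_i" = "$1" ] && return 0
    done
    return 1
}

# choose_ruleset NAME "LIST" WITH_FILE WITHOUT_FILE
# Prints the ruleset file that matches the current interface state.
choose_ruleset() {
    if iface_present "$1" "$2"; then
        printf '%s\n' "$3"
    else
        printf '%s\n' "$4"
    fi
}

# load_ruleset FILE
# Parse-check first (-n loads nothing), then enable pf and load the file.
load_ruleset() {
    if ! pfctl -nf "$1"; then
        echo "not loading $1: ruleset does not parse" >&2
        return 1
    fi
    pfctl -ef "$1"
}

# Touch the firewall only when explicitly asked, so the functions above
# can be exercised on constructed interface lists without root or pf.
if [ "${PF_APPLY:-0}" = 1 ]; then
    load_ruleset "$(choose_ruleset ng0 "$(ifconfig -l)" pf1 pf2)"
fi
```

Run it as `PF_APPLY=1 sh script.sh` from the boot scripts and again after mpd creates or destroys ng0, so the loaded ruleset follows the interface.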