From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:58:04 2004
From: Max Laier <max@love2party.net>
To: pf4freebsd@freelists.org
Cc: DrumFire
Subject: [pf4freebsd] Re: Problem with pf and ng0 interface.
Date: Wed, 10 Dec 2003 20:15:42 +0100
Message-Id: <200312102015.42768.max@love2party.net>
In-Reply-To: <20031210184630.29a41d83.dpphln@tin.it>
References: <20031210184630.29a41d83.dpphln@tin.it>
List-Id: Technical discussion and general questions about packet filter (pf)

On Wednesday 10 December 2003 19:46, DrumFire wrote:
> pass in quick on { rl0,rl2,ng0 } proto tcp from $myIP to any keep state
>
> If I try to load pf.conf with this rule when mpd is not active, pf
> gives me a syntax error:
>
> /usr/local/etc/pf.conf:14: unknow interface ng0
>
> How can I load pf.conf also without having the mpd program loaded?
>
> Because I don't want to load mpd at boot each time.

I am afraid it is (currently) not possible to load rules for nonexistent
interfaces.

> With ipfw2, if I add a rule with an interface that doesn't exist, the rule is
> loaded anyway, and when the interface becomes active, then the rule is
> processed.
Note that there is a very basic difference between pf and ipfw on this point:
pf optimizes the ruleset upon load. For this purpose it needs to know some
information about the interface(s). ipfw evaluates through the complete ruleset
every time (w/o manual optimization), hence it doesn't need to know much when
it loads the ruleset.

> How can I solve this problem with pf?

Create ng0 before loading the ruleset, or load your ruleset depending on ng0
(e.g. if ifconfig -a | grep ng0; then pfctl -ef pf1; else pfctl -ef pf2; fi)

Note that the above rule doesn't seem to make much sense as long as $myIP is what
it claims to be (a local IP address). Traffic "from $myIP" will always come
via lo0, not via the network interface it is attached to.

-- 
Best regards,                     | max@love2party.net
Max Laier                         | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier@EFnet #DragonFlyBSD
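The ruleset selection Max sketches above, written out as a small POSIX sh script. This is an added example, not code from the thread or from the pf project. The ruleset paths are hypothetical, the `ifconfig -a` output is constructed for the demonstration, and two things are tightened compared with the one-liner: the interface match is anchored to the line start (`^ng0:`) so that a bare `grep ng0` no longer matches ng01 or an address that happens to contain the string, and the chosen file is parsed with `pfctl -n` before it is enabled, so a ruleset with a syntax error never leaves the firewall half-loaded.

```shell
#!/bin/sh
# Added example (not from the original thread): choose a pf ruleset according to
# which interfaces currently exist, then syntax-check it before enabling it.
# Assumptions: the two ruleset paths below are hypothetical; ifconfig output
# follows the BSD "name: flags=..." layout.

RULESET_WITH_NG0="/etc/pf.ng0.conf"      # hypothetical: rules that mention ng0
RULESET_WITHOUT_NG0="/etc/pf.nong0.conf" # hypothetical: same rules minus ng0

# Constructed samples of `ifconfig -a` output, used when the real command is
# unavailable (e.g. when this is run somewhere other than a BSD host).
SAMPLE_IFCONFIG_WITH_NG0='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.4.88 netmask 0xffffff00 broadcast 192.168.4.255
ng0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
        inet 10.0.0.2 --> 10.0.0.1 netmask 0xffffffff
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Same host with mpd down: no ng0, but an unrelated ng01 that a naive
# `grep ng0` would wrongly accept as a match.
SAMPLE_IFCONFIG_WITHOUT_NG0='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.4.88 netmask 0xffffff00 broadcast 192.168.4.255
ng01: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> mtu 1492
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# iface_present NAME IFCONFIG_OUTPUT
# Returns 0 if an interface named exactly NAME appears in the ifconfig text.
# Anchoring on "^NAME:" is what rules out ng01, ng0x and address substrings.
iface_present() {
    printf '%s\n' "$2" | grep -q "^$1:"
}

# choose_ruleset IFCONFIG_OUTPUT
# Prints the path of the ruleset matching the interfaces currently present.
choose_ruleset() {
    if iface_present ng0 "$1"; then
        printf '%s\n' "$RULESET_WITH_NG0"
    else
        printf '%s\n' "$RULESET_WITHOUT_NG0"
    fi
}

# load_ruleset FILE
# Dry-run parse with pfctl -n first; only enable the ruleset if it parses.
# Skips the actual load when pfctl is not installed on this host.
load_ruleset() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$1" && pfctl -ef "$1"
    else
        echo "pfctl not found; would load $1"
    fi
}

main() {
    current=$(ifconfig -a 2>/dev/null) || current=""
    [ -n "$current" ] || current=$SAMPLE_IFCONFIG_WITH_NG0
    load_ruleset "$(choose_ruleset "$current")"
}

main "$@"
```

Run it from the same place the ruleset is normally loaded (an rc script or the mpd up-script) so the check happens every time the ng0 state may have changed; `choose_ruleset` can be extended with further `iface_present` calls for any other interface that only exists while a daemon is running.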