Date: Sun, 20 Sep 2009 22:52:59 +0200
From: cpghost
To: "Sam Fourman Jr."
Cc: freebsd general questions
Subject: Re: How to get pf to wait for ng0

On Sat, Sep 19, 2009 at 10:30:14PM -0500, Sam Fourman Jr. wrote:
> Hello list,
>
> I am trying to use FreeBSD 8 RC1 to set up L2 tunnels via mpd5.
> My problem is the pf.conf file is never parsed because ng0 does not
> exist yet on startup.
>
> ng0 in this case is DSL PPPoE to our local telco for internet access.
> After the DSL dials up (via mpd5), if I do pfctl -d && pfctl -e -f
> /etc/pf.conf everything works as expected.
>
> What is the best way to get pf to wait and parse the ruleset until
> after ng0 exists?

That old problem again... ;-)

My (somewhat shaky) workaround is this:

1. In /etc/rc.d/NETWORKING, add the line
     # REQUIRE: mpd

2. In /usr/local/etc/rc.d/mpd5, make sure the line
     # PROVIDE: mpd
   is present.

3. In /usr/local/etc/rc.d/mpd5, add
     sleep 10
   at the bottom. (That's where my solution is shaky: 10 secs is
   more than enough for me on PPPoE, but it may not be enough for
   dial-up modems etc.)

4. In /etc/rc.d/pf, add NETWORKING to the # REQUIRE: line:
     # REQUIRE: FILESYSTEMS netif pflog pfsync NETWORKING

5. In /etc/rc.d/named, add NETWORKING to the # REQUIRE: line:
     # REQUIRE: SERVERS cleanvar NETWORKING

This setup will effectively run mpd5 *before* pf, and will also
wait (hopefully) long enough for mpd5 to set up ng0. Then, when
pf runs, ng0 will be already there.

Of course, there is more than one way to do it. It just happens
to work here.

> Sam Fourman Jr.

-cpghost.

--
Cordula's Web. http://www.cordula.ws/
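
Step 3's fixed sleep 10 is the part the reply calls shaky. As an added example (not part of the original message or of the mpd5 port), this sh function polls for the interface with an upper bound instead of sleeping a fixed time. The function names, the POLL_INTERVAL and IFACE_PROBE variables and the limit of 60 waits are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Poll until the interface
# exists instead of relying on a fixed "sleep 10".

# Seconds between probes, and the command used to probe. Both are
# overridable so the loop can be exercised without a real ng0.
POLL_INTERVAL=${POLL_INTERVAL:-1}
IFACE_PROBE=${IFACE_PROBE:-iface_exists}

# "ifconfig IFACE" exits non-zero while the interface does not exist.
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# wait_for_iface IFACE MAX_WAITS
# Returns 0 as soon as the probe succeeds; returns 1 after MAX_WAITS
# sleeps of POLL_INTERVAL seconds without success.
wait_for_iface() {
    iface=$1
    waits_left=$2
    while ! "$IFACE_PROBE" "$iface"; do
        if [ "$waits_left" -le 0 ]; then
            echo "wait_for_iface: $iface still missing, giving up" >&2
            return 1
        fi
        sleep "$POLL_INTERVAL"
        waits_left=$((waits_left - 1))
    done
    return 0
}

# Assumed use, in place of "sleep 10" at the bottom of
# /usr/local/etc/rc.d/mpd5 (60 is an arbitrary upper bound):
#   wait_for_iface ng0 60 || logger -p daemon.err "ng0 did not appear before pf start"
```

If the wait times out, boot continues and pf still starts without ng0, so the logged error is the signal that the ruleset needs to be loaded by hand.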