From owner-freebsd-net@freebsd.org  Tue Aug 18 11:18:34 2015
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 50E1C9BCFF8
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Tue, 18 Aug 2015 11:18:34 +0000 (UTC)
 (envelope-from artemrts@ukr.net)
Received: from frv199.fwdcdn.com (frv199.fwdcdn.com [212.42.77.199])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 158FF3E3
 for <freebsd-net@freebsd.org>; Tue, 18 Aug 2015 11:18:33 +0000 (UTC)
 (envelope-from artemrts@ukr.net)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net;
 s=ffe; 
 h=Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Message-Id:Cc:To:Subject:From:Date;
 bh=A0QgCvLFF12bwhsvQFWnSoR9J9DXRXSvf3KUJVz06qs=; 
 b=AN5r/LPZeWI6joX9YdpzpRpZSb2xLP3E2Fqsxvryfu1y9P21tBpGctABonWzh82jI7e3y2/fqdwJk9ksxy2wsmoa7yO2czYIsmHSeywQKVUzzOPMQkL0y6wbXviMK0Hc0jEPPXRf2qrZTWXdU+FvP27yR7ZA8MVf3LLsJpH4kfA=;
Received: from [10.10.10.34] (helo=frv34.fwdcdn.com)
 by frv199.fwdcdn.com with smtp ID 1ZReuL-000Gy2-VQ
 for freebsd-net@freebsd.org; Tue, 18 Aug 2015 14:18:21 +0300
Date: Tue, 18 Aug 2015 14:18:21 +0300
From: wishmaster <artemrts@ukr.net>
Subject: Re: pf and new interface
To: Andriy Gapon <avg@freebsd.org>
Cc: freebsd-net@freebsd.org
X-Mailer: mail.ukr.net 5.0
Message-Id: <1439896563.102588062.s8ouf3nc@frv34.fwdcdn.com>
In-Reply-To: <55D2E9B3.2040301@FreeBSD.org>
References: <55D2E9B3.2040301@FreeBSD.org>
X-Reply-Action: reply
Received: from artemrts@ukr.net by frv34.fwdcdn.com;
 Tue, 18 Aug 2015 14:18:21 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: binary
Content-Disposition: inline
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2015 11:18:34 -0000


  

 --- Original message ---
From: "Andriy Gapon" <avg@freebsd.org>
Date: 18 August 2015, 14:05:15

 
> I have the following rule in pf.conf:
> set skip on tap
> and even the following one:
> set skip on tap0
> 
> The rules are loaded at the system start-up time, but the tap interface
> may not be created until much later.  When tap0 is first created the
> skip rules are not applied to it and the traffic gets filtered.  If I
> reload the pf configuration, then the rules start working.
> 
> Is there a way to make pf honor such rules for the dynamic interfaces?Hi,

You should do it in your application, e.g. in mpd this is something like below

        set iface up-script /usr/local/etc/mpd5/link_up.sh
        set iface down-script /usr/local/etc/mpd5/link_down.sh

in openvpn - see manuals.

Cheers,
Vitaliy