From owner-freebsd-questions@FreeBSD.ORG  Fri Feb  8 19:25:43 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2048E16A417
	for <freebsd-questions@freebsd.org>;
	Fri,  8 Feb 2008 19:25:43 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from bifrost.locolomo.org (97.pool85-48-194.static.orange.es
	[85.48.194.97])
	by mx1.freebsd.org (Postfix) with ESMTP id C54E613C45D
	for <freebsd-questions@freebsd.org>;
	Fri,  8 Feb 2008 19:25:42 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from sleipner.local (unknown [192.168.0.62])
	by bifrost.locolomo.org (Postfix) with ESMTP id 4ECD839822;
	Fri,  8 Feb 2008 20:25:41 +0100 (CET)
Message-ID: <47ACACB5.5010705@locolomo.org>
Date: Fri, 08 Feb 2008 20:25:41 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031)
MIME-Version: 1.0
To: Jim Bow <jimbow@darq.net>
References: <20080208133822.GA46647@demeter.hydra>	<47AC5EE3.1010003@locolomo.org>
	<47ACA811.3000104@darq.net>
In-Reply-To: <47ACA811.3000104@darq.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: pf.conf for variable interfaces
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2008 19:25:43 -0000

Jim Bow wrote:
> Erik Norgaard wrote:
>> How about this:
>>
>> ext_ifs = "{" iwi0 bge0 "}"
>> block in quick on ext_ifs all
>> pass out quick on ext_ifs all keep state
>> ...
> 
> This is nice, but any ideas how to do this if the wireless interface 
> is only present some of the time, ie its a pcmcia card?

If the above trick doesn't work, then I don't think there is an easy 
solution, pf fails loading rulesets when an error is encountered, which 
AFAIK would happen if an interface is not present.

An option could be to load rule sets as part of the interface setup. 
That means messing with the scripts in /etc/rc.d.

If you look in netif, then there is as part of the start() routine, a 
part that resyncs ipfilter. You can probably copy/paste this to do the 
same if pf is enabled and add a similar resync command to the pf script.

Just some ideas.

Cheers, Erik

-- 
Erik Nørgaard
Ph: +34.666334818                           http://www.locolomo.org