From: Max Laier
Organization: FreeBSD
To: Pete French
Cc: bms@freebsd.org, freebsd-stable@freebsd.org, rcoleman@criticalmagic.com
Date: Mon, 29 Jan 2007 17:23:41 +0100
Subject: Re: impossible rc.d ordering problem with stf and pf ?
Message-Id: <200701291723.52074.max@love2party.net>

On Monday 29 January 2007 13:02, Pete French wrote:
> > 1) You use the interface name as address w/o dynamic lookup.
> >    i.e. "... from stf0 ..."
>
> Yes, that's it - I hadn't come across this 'dynamic lookup' thing before
> though, so I didn't realise what it was. I still can't find it in the PF
> manual, aside from a reference that you need to do it for NAT.
>
> > To 1 and 2 there is a simple solution: Don't do that then! 1 can
> > easily be defused by adding parentheses. i.e. "... from (stf0)
> > ...".
>
> pass out on (stf0) inet6 from any to any keep state

No, that's a misunderstanding. The "on ifnX" part stays untouched.

> Gives me a syntax error when I try and load it with pfctl. If I change
> it to:
>
> pass out on stf0 inet6 from any to any keep state
>
> Then it works loading it with pfctl, but now does not work at boot due
> to the lack of stf0 interface. :-(

That's strange. Works here without a problem:

# ifconfig -l
fxp0 bge0 bge1 lo0 pflog0

No stf0 interface.

# echo "pass out on stf0 inet6 from any to any keep state" | pfctl -vf-
pass out on stf0 inet6 all keep state

Still, rule loaded without problems ...

The "(ifnX)" syntax is only for places where you use the interface as an
address. The "on ifnX" part stays unchanged in any case and it does not
matter if the interface exists already or not. What version are you using
again? My tests are with 6.2

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
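
Added example, not part of the original message or of pf itself: a small lint that flags pf.conf rules which use an interface name as an address without parentheses (the "from stf0" case above), while leaving "on ifnX" and "(ifnX)" alone. The function names and the sample ruleset are constructed for illustration; it assumes one rule per line, does not expand macros, and takes the interface names to look for as arguments.

```sh
#!/bin/sh
# Heuristic lint for pf.conf: report rules that use a given interface name
# as an *address* without parentheses. Such a name is resolved when the
# ruleset is loaded, so the rule depends on the interface existing at that
# moment (e.g. stf0 at boot). "on ifnX" and "(ifnX)" are not reported.

# pf_static_if_addrs FILE IFNAME...   (FILE may be "-" for stdin)
pf_static_if_addrs() {
    conf=$1; shift
    awk -v ifs="$*" '
    BEGIN { n = split(ifs, want, " ") }
    {
        rule = " " $0
        sub(/#.*/, "", rule)                           # drop comments
        gsub(/[(][^)]*[)]/, " ", rule)                 # "(ifnX)": dynamic lookup
        gsub(/[ \t]on[ \t]+[{][^}]*[}]/, " ", rule)    # "on { if1 if2 }"
        gsub(/[ \t]on[ \t]+!?[ \t]*[^ \t]+/, " ", rule) # "on ifnX": not an address
        m = split(rule, tok, /[^A-Za-z0-9_:.]+/)
        for (i = 1; i <= m; i++) {
            name = tok[i]
            sub(/:.*/, "", name)                       # strip ":network", ":0", ...
            for (j = 1; j <= n; j++)
                if (name == want[j]) { print NR ": " $0; next }
        }
    }' "$conf"
}

# Constructed sample ruleset, for illustration only.
pf_sample_conf() {
    cat <<'EOF'
pass out on stf0 inet6 from any to any keep state
pass out on stf0 inet6 from stf0 to any keep state
pass out on stf0 inet6 from (stf0) to any keep state
pass in on fxp0 inet6 from any to stf0:network  # static too
block in on { stf0 fxp0 } inet6 from any to (stf0:network)
EOF
}

# Print the sample rules that need parentheses around stf0.
pf_sample_conf | pf_static_if_addrs - stf0
```

Against a real ruleset, call it as `pf_static_if_addrs /etc/pf.conf stf0` and wrap each reported address in parentheses.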