From: Giorgos Keramidas
To: "J.D. Bronson"
Cc: freebsd-questions@freebsd.org
Date: Thu, 17 Nov 2005 23:38:19 -0800
Subject: Re: rcorder again..
Message-ID: <20051118073818.GA1259@flame.pc>
In-Reply-To: <7.0.0.16.2.20051117064518.01c5bd98@wixb.com>

On 2005-11-17 06:48, "J.D. Bronson" wrote:
> Well...I was surprised that no one replied. I was trying to
> figure out why ppp-user would start BEFORE pf fired up....
>
> It appears easy enough to change, but it's untested:
>
> Edit /etc/rc.d/ppp-user:
>
> # $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $
> #
>
> # PROVIDE: ppp-user
> # REQUIRE: netif isdnd pf   <--- add pf
> # KEYWORD: nojail
>
> =============================
>
> Then rcorder shows things BETTER:
>
> /etc/rc.d/netif
> /etc/rc.d/pfsync
> /etc/rc.d/pflog
> /etc/rc.d/pf
> /etc/rc.d/isdnd
> /etc/rc.d/ppp-user
>
> My only concern might be that tun0 is not created until
> ppp-user launches (correct me if I am wrong) and pf might have
> an issue with an interface that doesn't yet exist. Under
> OpenBSD, tun0 is there before ppp even starts. Wouldn't we WANT
> pf to be active prior to ppp launching (like in OpenBSD?)
>
> Can someone kindly comment on this please?

You can always copy /etc/rc.d/pf to a new script, say "pfboot", and
have it load a predefined rule-set, i.e.:

    set skip on lo0
    block in all
    block out all

You can probably copy the default ruleset that OpenBSD uses too :)

With dependencies in /etc/rc.d/pfboot like these:

    # PROVIDE: pfboot
    # REQUIRE: root mountcritlocal pflog pfsync
    # BEFORE: netif
    # KEYWORD: nojail

you can probably get it to work exactly like you mention above
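
An added example, not part of the original message and not rcorder's own code: a simplified Python model of how PROVIDE/REQUIRE/BEFORE headers determine start order, used to check that the firewall scripts start ahead of netif and ppp-user and to catch a dependency loop before it reaches a boot. The header sets below, including the loop case where pflog requires netif, are constructed for illustration; compare against the real headers in your own /etc/rc.d.

```python
import re
from graphlib import CycleError, TopologicalSorter  # Python 3.9+

TAG = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$")

def parse_headers(text):
    """Collect the PROVIDE/REQUIRE/BEFORE words of one rc.d script."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for line in text.splitlines():
        if m := TAG.match(line.strip()):
            tags[m.group(1)] += m.group(2).split()
    return tags

def boot_order(scripts):
    """Map {file name: script text} to a start order; CycleError on a loop."""
    parsed = {name: parse_headers(text) for name, text in scripts.items()}
    providers = {}
    for name, tags in parsed.items():
        for word in tags["PROVIDE"]:
            providers.setdefault(word, []).append(name)
    graph = TopologicalSorter()
    for name, tags in parsed.items():
        graph.add(name)
        for word in tags["REQUIRE"]:   # providers of word start first
            graph.add(name, *providers.get(word, []))  # unknown words skipped
        for word in tags["BEFORE"]:    # this script starts first
            for later in providers.get(word, []):
                graph.add(later, name)
    return list(graph.static_order())

def find_cycle(scripts):
    """Return the dependency loop as a list of file names, or None."""
    try:
        boot_order(scripts)
    except CycleError as exc:
        return exc.args[1]
    return None

def script(provide, require="", before=""):
    return f"# PROVIDE: {provide}\n# REQUIRE: {require}\n# BEFORE: {before}\n"

# Constructed headers (assumption), not copied from a real /etc/rc.d tree.
SAMPLE = {
    "netif": script("netif"), "isdnd": script("isdnd", "netif"),
    "pflog": script("pflog"), "pfsync": script("pfsync"),
    "pf": script("pf", "netif pflog pfsync"),
    "ppp-user": script("ppp-user", "netif isdnd pf"),
    "pfboot": script("pfboot", "root mountcritlocal pflog pfsync", "netif"),
}
LOOP = dict(SAMPLE, pflog=script("pflog", "netif"))  # constructed loop case
```

If any script that pfboot requires itself requires netif, `BEFORE: netif` cannot be satisfied; `find_cycle` names the scripts involved so the dependency can be dropped from pfboot's REQUIRE line.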