From owner-freebsd-bugs@FreeBSD.ORG  Mon Jun  8 00:10:04 2009
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9CB98106564A
	for <freebsd-bugs@hub.freebsd.org>;
	Mon,  8 Jun 2009 00:10:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id DD0B58FC1A
	for <freebsd-bugs@hub.freebsd.org>;
	Mon,  8 Jun 2009 00:10:03 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n580A323075479
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 8 Jun 2009 00:10:03 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n580A3OH075478;
	Mon, 8 Jun 2009 00:10:03 GMT (envelope-from gnats)
Resent-Date: Mon, 8 Jun 2009 00:10:03 GMT
Resent-Message-Id: <200906080010.n580A3OH075478@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Alexander Kabaev <kan@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ACD56106566B;
	Mon,  8 Jun 2009 00:06:22 +0000 (UTC) (envelope-from kan@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 9C4D58FC08;
	Mon,  8 Jun 2009 00:06:22 +0000 (UTC) (envelope-from kan@FreeBSD.org)
Received: from freefall.freebsd.org (kan@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5806MB0075369;
	Mon, 8 Jun 2009 00:06:22 GMT (envelope-from kan@freefall.freebsd.org)
Received: (from kan@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5806MnW075368;
	Mon, 8 Jun 2009 00:06:22 GMT (envelope-from kan)
Message-Id: <200906080006.n5806MnW075368@freefall.freebsd.org>
Date: Mon, 8 Jun 2009 00:06:22 GMT
From: Alexander Kabaev <kan@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: re@FreeBSD.org
Subject: conf/135338: pf startup order seems broken
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Alexander Kabaev <kan@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2009 00:10:05 -0000


>Number:         135338
>Category:       conf
>Synopsis:       pf startup order seems broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 08 00:10:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Alexander Kabaev
>Release:        FreeBSD 8.0-CURRENT
>Organization:
>Environment:

FreeBSD kan.dnsalias.net 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Sun Jun  7 16:24:56 EDT 2009     kan@kan.dnsalias.net:/usr/download/src/sys/i386/compile/KAN  i386

>Description:

I upgraded one of my machines from -current as of May 12th and noticed
the following startup scripts breakage: pfctl seems to be running before
any of the interfaces are configured and quite expectedly fails to
process some rules. If someone does not pay attention, he ends up with
completely unprotected host sitting on Internet. Filing this at Sam's
request to alert re@ about possible blocker.


<skip>
ugen2.3: <American Power Conversion> at usbus2
no IP address found for re0:network
/etc/pf_kan.conf:21: 
could not parse host specification
no IP address found for re0:network
/etc/pf_kan.conf:37: 
could not parse host specification
no IP address found for re0:network
/etc/pf_kan.conf:38: 
could not parse host specification

pfctl: 
Syntax error in config file: pf rules not loaded

pf enabled
DHCPREQUEST on vr0 to 255.255.255.255 port 67

DHCPACK from 96.145.104.1

bound to 98.217.224.113 -- renewal in 113063 seconds.

Starting Network: lo0 vr0 re0.

<skip>

>How-To-Repeat:
	Reboot.
>Fix:
	Do not have any yet.
>Release-Note:
>Audit-Trail:
>Unformatted: