From owner-freebsd-questions@FreeBSD.ORG Thu Apr 30 03:35:39 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 76A871A0 for ; Thu, 30 Apr 2015 03:35:39 +0000 (UTC) Received: from mail-pa0-x235.google.com (mail-pa0-x235.google.com [IPv6:2607:f8b0:400e:c03::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C9B413BA for ; Thu, 30 Apr 2015 03:35:39 +0000 (UTC) Received: by pabsx10 with SMTP id sx10so46606046pab.3 for ; Wed, 29 Apr 2015 20:35:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ucsc.edu; s=ucsc-google; h=from:content-type:content-transfer-encoding:subject:message-id:date :to:mime-version; bh=C0Lr+48KQAUaG50jVhNMgbY3Wje6Y2qQka5zWfWvWJI=; b=eoBLMymYjUvuWXrEPlQEA2eIpJgZm9vG4C8RGskDl6QpobXWzSUutYlwiRGgmMIRm+ eKW/BIdyrvHxMU/qLsVtobiqhiEq3f3y3vBoPMo9kAFW7i1yoXFoFBJwFmFsQKffI1zK u6T7flCpVzGEIyvgWQpSZ4tuJtqbG6T+DRRAI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-type:content-transfer-encoding :subject:message-id:date:to:mime-version; bh=C0Lr+48KQAUaG50jVhNMgbY3Wje6Y2qQka5zWfWvWJI=; b=G/w6KHe4t9r6wmTVxoN2jkyvMeX2hFKJ8rvGeHpTSCHMNAXlYzv0M2orQEeR1+hapz UvziFhyZ/vB5jzZZRxN460+FDAlyn0gl4Lqpyugk5flImEcBCWYdcArbzi46Kn3vlO6Z VRUvYe0+c7viuagqYV4urx4B4VLr1upasyQymONhMJN32fA9pN+N6u6wfSt3X6fjA97L ziSLVLV4u/4HIXaFbbolebaBCr9ld8LixgvAN1ScDadyKyjTb55PjpwvvUF4sziygjQN iwWKQ5n1+3LB0Glj01SP3LO1u/UvqID0DjE1R3BnldwwjkpnS8afGK4zAZnTOqc7bgKV VHpA== X-Gm-Message-State: ALoCoQmRoMxL9v+Kox/teHrkl66DoCoKI3cz7OXDxjVEU8f0CrKuQtHBf3GYSio1g0MaXBx2J/Cy X-Received: by 10.68.130.98 with SMTP id od2mr4310807pbb.54.1430364938504; Wed, 29 Apr 2015 20:35:38 -0700 (PDT) Received: from imac.diggler.dvniven.com (c-107-3-170-95.hsd1.ca.comcast.net. [107.3.170.95]) by mx.google.com with ESMTPSA id om4sm595465pdb.68.2015.04.29.20.35.36 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 29 Apr 2015 20:35:37 -0700 (PDT) From: Doug Niven Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: PF not loading at boot time Message-Id: <7B5CA749-D7EF-4A2F-9FA0-E3ADF3E5ADDF@ucsc.edu> Date: Wed, 29 Apr 2015 20:35:35 -0700 To: freebsd-questions@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\)) X-Mailer: Apple Mail (2.2098) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Apr 2015 03:35:39 -0000 I've got a PF anchor referenced in my /etc/pf.conf file here: table { 111.222.0.0/16, 222.222.0.0/16 } block in proto tcp from any to any port 22 pass in on en0 proto tcp from to en0 port 22 flags S/SA = keep state But while the /etc/pf.conf file loads fine manually, it does not load at = boot, generating the following error in my log: no IP address found for en0 /etc/pf.anchors/my-anchor:6: could not parse host specification pfctl: Syntax error in config file: pf rules not loaded I suspect this is because at the time PF loads at boot, en0 doesn't yet = have an IP address or network state. Is there any other way I might be able to write this rule to avoid this = problem? Thanks in advance, Doug