Date: Mon, 19 Jan 2015 18:53:40 +0200
From: Panagiotis Atmatzidis <atma@convalesco.org>
To: freebsd-questions@freebsd.org
Subject: A way to load PF rules at startup using OpenVPN
Message-ID: <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org>

Hello,

I’m trying to load my PF at system startup but having issues after installing an OpenVPN server. The first approach I tried was via rc.conf, here is my configuration:

$ grep pf /etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pfstatd_enable="YES"
pflog_logfile="/var/log/pflog”

Theoretically this should be enough. However PF doesn’t load anything at boot. I have to do it manually. I added the following lines at ‘/etc/rc.local’ and worked for a couple of months:

$ grep pf /etc/rc.local
/sbin/pfctl -f /etc/pf.conf

Now this approach won’t work either. This is a FreeBSD based VPS. Every time I reboot the VPS I have to manually login and run ‘pfctl -f /etc/pf.conf’ to load the ruleset.

I think that this has something to do with ‘tun0’ interface which is the last thing that is loaded at boot. Probably PF runs before this, sees rules that it doesn’t understand (related to tun0) and comes up short, then tun0 is loaded but it’s too late.

Any ideas on how to solve this are welcomed!

Thanks

Panagiotis (atmosx) Atmatzidis

email: atma@convalesco.org
URL: http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5

"As you set out for Ithaca, hope the voyage is a long one, full of adventure, full of discovery [...]" - C. P. Cavafy