Date:      Mon, 19 Jan 2015 18:53:40 +0200
From:      Panagiotis Atmatzidis <atma@convalesco.org>
To:        freebsd-questions@freebsd.org
Subject:   A way to load PF rules at startup using OpenVPN
Message-ID:  <F84CF488-7CF6-4580-B169-AA441166E2CB@convalesco.org>

Hello,

I’m trying to load my PF at system startup but am having issues after installing an OpenVPN server. The first approach I tried was via rc.conf; here is my configuration:

$ grep pf /etc/rc.conf
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pfstatd_enable="YES"
pflog_logfile="/var/log/pflog"

Theoretically this should be enough. However, PF doesn’t load anything at boot. I have to do it manually. I added the following lines to ‘/etc/rc.local’ and it worked for a couple of months:

$ grep pf /etc/rc.local
/sbin/pfctl -f /etc/pf.conf


Now this approach won’t work either. This is a FreeBSD based VPS. Every time I reboot the VPS I have to manually log in and run ‘pfctl -f /etc/pf.conf’ to load the ruleset.

I think that this has something to do with the ‘tun0’ interface, which is the last thing that is loaded at boot. Probably PF runs before this, sees rules that it doesn’t understand (related to tun0) and comes up short, then tun0 is loaded but it’s too late.

Any ideas on how to solve this are welcome!

Thanks

Panagiotis (atmosx) Atmatzidis

email:	atma@convalesco.org
URL:	http://www.convalesco.org
GnuPG ID: 0x1A7BFEC5
gpg --keyserver pgp.mit.edu --recv-keys 1A7BFEC5

"As you set out for Ithaca, hope the voyage is a long one, full of adventure, full of discovery [...]" - C. P. Cavafy

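One way to check the ordering hypothesis in the message above is to list the interfaces the ruleset refers to and see which of them do not exist yet. This is an added example, not part of the original e-mail; the function names, the sample ruleset and the interface names lo0 and vtnet0 are assumptions.

```shell
# pf_ifaces FILE: print interface names a pf.conf refers to, one per line.
# Covers simple macros, "on IF", "(IF)" and "IF:network" style tokens;
# "{ a b }" lists are not expanded (assumption: a simple ruleset).
pf_ifaces() {
    awk '
    { sub(/#.*/, "") }                           # strip comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {     # macro definition
        split($0, kv, "=")
        gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
        macro[kv[1]] = kv[2]
        next
    }
    {
        prev = ""
        for (i = 1; i <= NF; i++) {
            tok = $i
            hit = (prev == "on")                 # token follows "on"
            if (tok ~ /^\(.+\)$/) { tok = substr(tok, 2, length(tok) - 2); hit = 1 }
            if (sub(/:(network|broadcast|peer|0)$/, "", tok)) hit = 1
            if (tok ~ /^\$/) tok = macro[substr(tok, 2)]   # expand macro
            if (hit && tok ~ /^[A-Za-z][A-Za-z0-9_.]*$/) print tok
            prev = $i
        }
    }' "$1"
}

# missing_ifaces FILE "if1 if2 ...": referenced interfaces not in the list.
missing_ifaces() {
    for ifc in $(pf_ifaces "$1" | sort -u); do
        case " $2 " in
            *" $ifc "*) ;;
            *) echo "$ifc" ;;
        esac
    done
}

# Constructed sample ruleset, not the poster's pf.conf.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ext_if = "vtnet0"
vpn_if = "tun0"
set skip on lo0
nat on $ext_if from $vpn_if:network to any -> ($ext_if)
pass in on $vpn_if all   # VPN clients
EOF
# Interface list as it might look before OpenVPN has created tun0.
missing_ifaces "$sample" "lo0 vtnet0"
```

On the host itself the live list can be supplied with `missing_ifaces /etc/pf.conf "$(ifconfig -l)"`, and `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.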



