From owner-freebsd-questions@FreeBSD.ORG  Thu Mar 17 16:30:59 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 50A0A16A4CE
	for <freebsd-questions@freebsd.org>;
	Thu, 17 Mar 2005 16:30:59 +0000 (GMT)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6DCD943D3F
	for <freebsd-questions@freebsd.org>;
	Thu, 17 Mar 2005 16:30:58 +0000 (GMT)
	(envelope-from freebsd-questions@m.gmane.org)
Received: from root by ciao.gmane.org with local (Exim 4.43)
	id 1DBxjm-0008F1-DP
	for freebsd-questions@freebsd.org; Thu, 17 Mar 2005 17:20:42 +0100
Received: from jrpenn.demon.co.uk ([194.222.241.254])
        by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
        id 1AlnuQ-0007hv-00
        for <freebsd-questions@freebsd.org>; Thu, 17 Mar 2005 17:20:42 +0100
Received: from jeff+list.news by jrpenn.demon.co.uk with local (Gmexim 0.1
	(Debian))        id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Thu, 17 Mar 2005 17:20:42 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-questions@freebsd.org
From: Jeff Penn <jeff+list.news@jrpenn.demon.co.uk>
Date: Thu, 17 Mar 2005 15:29:40 +0000 (UTC)
Lines: 13
Message-ID: <slrnd3djq0.ni.jeff+list.news@jrpenn.demon.co.uk>
References: <6.2.0.14.2.20050304062626.00aa8468@localhost>
	<20050304164136.GA1684@orion.daedalusnetworks.priv>
	<20050304173041.GA1314@orion.daedalusnetworks.priv>
	<d0mn3o$jkl$1@sea.gmane.org>
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: jrpenn.demon.co.uk
User-Agent: slrn/0.9.8.1 (FreeBSD)
Sender: news <news@sea.gmane.org>
X-Gmane-MailScanner: Found to be clean
X-Gmane-MailScanner: Found to be clean
X-MailScanner-From: freebsd-questions@m.gmane.org
X-MailScanner-To: freebsd-questions@freebsd.org
Subject: Re: pf seems to start late?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2005 16:30:59 -0000

Volodymyr Kostyrko <arcade@ints.net>:
>>>>Shouldn't PF start right after the interfaces come up? [...]
>
>    Guys, didn't you forgot that pf sometimes uses resolver to lookup 
> hostnames present in pf.conf? What happens if it should resole hostnames 
> with local named?

I noticed that openbsd does a two-stage startup if pf is enabled.
Rc initially defines rules for lo0, & ssh/dns/icmp/ etc from any
to any (also NFS if enabled).  After the network is started these rules
are replaced by loading pf.conf.

Jeff