Date: Thu, 10 Jul 2008 12:55:42 +0300 From: "Dennis" <hideous@mail.ru> To: freebsd-pf@freebsd.org Subject: Re: ***SPAM*** Re: New pf install on Freebsd7 seem to be a slow starter. Message-ID: <3910389261.20080710125542@mail.ru> In-Reply-To: <4875D33C.2010506@eskk.nu> References: <48750381.1030004@eskk.nu> <20080709225423.GB1011@verio.net> <4875D33C.2010506@eskk.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
LJ> David DeSimone skrev:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Leslie Jensen <leslie@eskk.nu> wrote:
>>> # tables
>>> table <goodguys> { something.somewhere.com, somethingelse.somewhere.com,
>>> xxx.yyy.zzz.qqq }
>>
>> This looks like the problem. You have put hostnames in your pf.conf.
>> While this is supported, hostname lookups at boot time are problematic
>> because the network is just getting started. Nameservers are not always
>> immediately reachable, so these name lookups will stall out.
>>
>> I recommend you put IP addresses in your pf.conf so that it can be
>> loaded without waiting for a nameserver.
>>
>> Alternatively, put these hostnames (and IP's) in your /etc/hosts file.
LJ> Oh, I didn't know that! Can you tell me how to handle this?
LJ> The problem is these hosts are not fixed IP's so they use no-ip
LJ> (http://www.no-ip.com/) to provide a fixed address.
It's possible to populate the table after network initialized and all
other cervices are up. Just place empty table
table <goodguys> persist
in your pf.conf and
pfctl -t goodguys -T add \
something.somewhere.com \
somethingelse.somewhere.com \
xxx.yyy.zzz.qqq &
into your /etc/rc.local, so pf will start up without delays.
Regards,
Dennis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3910389261.20080710125542>