From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 10:15:36 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 069051065674 for ; Thu, 10 Jul 2008 10:15:36 +0000 (UTC) (envelope-from hideous@mail.ru) Received: from eta.smtp.skif.com.ua (eta.smtp.skif.com.ua [91.90.18.1]) by mx1.freebsd.org (Postfix) with ESMTP id B8FAB8FC28 for ; Thu, 10 Jul 2008 10:15:35 +0000 (UTC) (envelope-from hideous@mail.ru) Received: from den.unicom (shota20b-unicom.skif.com.ua [91.90.21.238]) by smtp.skif.com.ua (Postfix) with ESMTP id 02CF23F97A for ; Thu, 10 Jul 2008 12:57:58 +0300 (EEST) Date: Thu, 10 Jul 2008 12:55:42 +0300 From: "Dennis" X-Priority: 3 (Normal) Message-ID: <3910389261.20080710125542@mail.ru> To: freebsd-pf@freebsd.org In-Reply-To: <4875D33C.2010506@eskk.nu> References: <48750381.1030004@eskk.nu> <20080709225423.GB1011@verio.net> <4875D33C.2010506@eskk.nu> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: Re: ***SPAM*** Re: New pf install on Freebsd7 seem to be a slow starter. X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Nobody A. Unknown" List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2008 10:15:36 -0000 LJ> David DeSimone skrev: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Leslie Jensen wrote: >>> # tables >>> table { something.somewhere.com, somethingelse.somewhere.com, >>> xxx.yyy.zzz.qqq } >> >> This looks like the problem. You have put hostnames in your pf.conf. >> While this is supported, hostname lookups at boot time are problematic >> because the network is just getting started. Nameservers are not always >> immediately reachable, so these name lookups will stall out. >> >> I recommend you put IP addresses in your pf.conf so that it can be >> loaded without waiting for a nameserver. >> >> Alternatively, put these hostnames (and IP's) in your /etc/hosts file. LJ> Oh, I didn't know that! Can you tell me how to handle this? LJ> The problem is these hosts are not fixed IP's so they use no-ip LJ> (http://www.no-ip.com/) to provide a fixed address. It's possible to populate the table after network initialized and all other cervices are up. Just place empty table table persist in your pf.conf and pfctl -t goodguys -T add \ something.somewhere.com \ somethingelse.somewhere.com \ xxx.yyy.zzz.qqq & into your /etc/rc.local, so pf will start up without delays. Regards, Dennis