Date: Thu, 7 Sep 2006 15:33:59 +0200
From: "stephen hoekstra" <stephenhoekstra@gmail.com>
To: KES <kes-kes@yandex.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re: pf fails to start
Message-ID: <fd564f30609070633o663499eel853f29a7f54b12a7@mail.gmail.com>
In-Reply-To: <922498059.20060907160002@yandex.ru>
References: <922498059.20060907160002@yandex.ru>

Hi,

There was a thread about this quite a while back where if the interface didn't exist pf wouldn't start.

It's probably the wrong way to do it, but my dsl connection is controlled by a crontab script that runs every minute or so to see if line is up (my line is quite bad).

At end of script it does a 'pfctl -sr | wc -l' and if output is > 0 then end, else pfctl -f /etc/pf.conf

Like I said, probably bad way to check it, but I have same problem where if ppp connection is not established, pf won't load ruleset cause tun0 doesn't exist. At least that way when cron job checks if line is up (every 2 minutes), it also checks if pf is loaded.

1) system boots up
2) cronjob runs
2a) starts ppp
2b) checks if wc -l is >0
3) system started and online with pf running

On 9/7/06, KES <kes-kes@yandex.ru> wrote:
> Hello
>
> pf fails to start if interface doesn't exist or IP address not assigned
>
> I have troubles with tun0 (pppoe connection)
>
> Look at next picture:
>
> 1) power fail,
> 2) FreeBSD starting,
> 3) do pppoe connection to provider
> 3.a) pppoe fail (ISP has some problem)
> 4) pf starts and fails =((
> 5) FreeBSD falls into an infinite loop (I waited 15 minutes and then pressed CTRL+C)
>
> Copy of console messages:
> pflog promiscios
> pf enabled
> pflog: here some message (I don't remember)
>
> some experiments:
>
> kes# ps ax|grep ppp
>   357  ??  Ss     0:18.88 /usr/sbin/ppp -ddial -unit1 adsl
>   373  ??  Rs    46:53.56 /usr/sbin/ppp -dedicated -quiet -unit0 leased
> 47226  p2  DL+    0:00.00 grep ppp
>
> #KILL pppoe connection
> kes# kill -9 373
> kes# kill -9 373
> 373: No such process
>
> #Reload pf.conf
> kes# pfctl -f /etc/pf.conf
> no IP address found for tun0
> /etc/pf.conf:48: could not parse host specification
> no IP address found for tun0
> /etc/pf.conf:66: could not parse host specification
> no IP address found for tun0
> /etc/pf.conf:100: could not parse host specification
> no IP address found for tun0
> /etc/pf.conf:101: could not parse host specification
> pfctl: Syntax error in config file: pf rules not loaded
>
> #start pppoe
> kes# /usr/sbin/ppp -dedicated -quiet -unit0 leased
> kes# pfctl -f /etc/pf.conf
>
> #no errors here.
> kes#
>
> So I have no "Syntax error in config file"
>
> To author of pf:
> You must change behavior of pf like ipfw does.
> ipfw only does warning messages in situations like this.
>
>
> KES mailto:kes-kes@yandex.ru
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
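
The cron check described in the reply above, written out as a shell script. This is an added example, not the poster's actual script: the variable names, status words and the --run flag are assumptions, and it adds an interface-address check and a `pfctl -nf` dry run to the `pfctl -sr | wc -l` test.

```shell
#!/bin/sh
# Added example: cron watchdog for the check described in the reply above.
# Assumptions: PFCTL/IFCONFIG/PF_CONF/PF_IF overrides, status words, --run flag.
PFCTL=${PFCTL:-pfctl}
IFCONFIG=${IFCONFIG:-ifconfig}
PF_CONF=${PF_CONF:-/etc/pf.conf}
PF_IF=${PF_IF:-tun0}

# Number of loaded filter rules. 0 means pf has no ruleset and filters nothing.
pf_rule_count() {
    "$PFCTL" -sr 2>/dev/null | wc -l | tr -d ' '
}

# True once the ppp interface exists and has an IPv4 address, which is what
# pf.conf needs in order to resolve "tun0" into a host specification.
if_has_address() {
    "$IFCONFIG" "$PF_IF" 2>/dev/null | grep -q 'inet '
}

# Prints one status word and returns: 0 rules present or reloaded,
# 1 link not up yet, 2 pf.conf does not parse, 3 load failed.
pf_watchdog() {
    if [ "$(pf_rule_count)" -gt 0 ]; then
        echo "loaded"; return 0
    fi
    if ! if_has_address; then
        echo "waiting-for-$PF_IF"; return 1
    fi
    # -n parses the file without loading it, so a real syntax error is
    # reported separately from the "no IP address found" case handled above.
    if ! "$PFCTL" -nf "$PF_CONF" >/dev/null 2>&1; then
        echo "parse-error"; return 2
    fi
    if ! "$PFCTL" -f "$PF_CONF" >/dev/null 2>&1; then
        echo "load-failed"; return 3
    fi
    echo "reloaded"
}

# Cron calls the script with --run; without it the file only defines functions.
if [ "${1:-}" = "--run" ]; then
    pf_watchdog
fi
```

Any status other than "loaded" or "reloaded" means the host is still up without a filter ruleset, so it is worth sending the output to syslog or mail rather than discarding it.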