From: "stephen hoekstra"
To: KES
Cc: freebsd-pf@freebsd.org
Date: Thu, 7 Sep 2006 15:33:59 +0200
Subject: Re: pf fails to start

Hi,

There was a thread about this quite a while back where if the interface didn't exist pf wouldn't start.
It's probably the wrong way to do it, but my dsl connection is controlled by a crontab script that runs every minute or so to see if line is up (my line is quite bad). At end of script it does a 'pfctl -sr | wc -l' and if output is > 0 then end, else pfctl -f /etc/pf.conf

Like I said, probably bad way to check it, but I have same problem where if ppp connection is not established, pf won't load ruleset cause tun0 doesn't exist. At least that way when cron job checks if line is up (every 2 minutes), it also checks if pf is loaded.

1) system boots up
2) cronjob runs
2a) starts ppp
2b) checks if wc -l is >0
3) system started and online with pf running

On 9/7/06, KES wrote:
> Hello
>
> pf fails to start if interface doesn't exist or IP address not assigned
>
> I have troubles with tun0 (pppoe connection)
>
> Look at next picture:
>
> 1) power fail,
> 2) FreeBSD starting,
> 3) do pppoe connection to provider
> 3.a) pppoe fail (ISP has some problem)
> 4) pf starts and fails =((
> 5) FreeBSD falls into infinite loop (I have waited 15 minutes and then pressed CTRL+C)
>
> Copy of console messages:
> pflog promiscios
> pf enabled
> pflog: here some message (I don't remember)
>
> some experiments:
>
> kes# ps ax|grep ppp
>   357  ??  Ss     0:18.88 /usr/sbin/ppp -ddial -unit1 adsl
>   373  ??  Rs    46:53.56 /usr/sbin/ppp -dedicated -quiet -unit0 leased
> 47226  p2  DL+    0:00.00 grep ppp
>
> #KILL pppoe connection
> kes# kill -9 373
> kes# kill -9 373
> 373: No such process
>
> #Reload pf.conf
> kes# pfctl -f /etc/pf.conf
> no IP address found for tun0
> /etc/pf.conf:48: could not parse host specification
> no IP address found for tun0
> /etc/pf.conf:66: could not parse host specification
> no IP address found for tun0
> /etc/pf.conf:100: could not parse host specification
> no IP address found for tun0
> /etc/pf.conf:101: could not parse host specification
> pfctl: Syntax error in config file: pf rules not loaded
>
> #start pppoe
> kes# /usr/sbin/ppp -dedicated -quiet -unit0 leased
> kes# pfctl -f /etc/pf.conf
>
> #no errors here.
> kes#
>
> So I have no "Syntax error in config file"
>
> To author of pf:
> You must change behavior of pf like ipfw does.
> ipfw only does warning messages in situations like this.
>
>
> KES mailto:kes-kes@yandex.ru
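
The cron check described in the reply above, written out as an added example that is not part of the original thread. The test for an address on tun0 before loading is an addition to what the reply describes, and the script path, variable names and state words are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): cron watchdog that loads pf.conf
# once tun0 is up. Paths and the interface name are assumptions.
PFCTL="${PFCTL:-/sbin/pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
IFACE="${IFACE:-tun0}"

# Number of filter rules currently loaded: the 'pfctl -sr | wc -l' check.
loaded_rule_count() {
    "$PFCTL" -sr 2>/dev/null | wc -l | tr -d ' '
}

# True once the interface exists and has an IPv4 address, i.e. once
# pfctl can resolve "tun0" in pf.conf instead of failing to parse it.
iface_has_addr() {
    ifconfig "$IFACE" 2>/dev/null | grep -q 'inet '
}

# Load the ruleset; pfctl exits non-zero and loads nothing on a parse error.
load_ruleset() {
    "$PFCTL" -f "$PF_CONF" >/dev/null
}

# Prints one state word: loaded | waiting | reloaded | failed.
ensure_pf_loaded() {
    count=$(loaded_rule_count)
    if [ "${count:-0}" -gt 0 ]; then
        echo loaded
    elif ! iface_has_addr; then
        echo waiting      # link still down: retry on the next cron run
    elif load_ruleset; then
        echo reloaded
    else
        echo failed
        return 1
    fi
}

# Cron entry (script path is hypothetical):
#   * * * * * /usr/local/sbin/pf-watchdog.sh run
if [ "${1:-}" = "run" ]; then
    state=$(ensure_pf_loaded)
    # Stay quiet in the steady state so cron does not mail every minute.
    [ "$state" = "loaded" ] || logger -t pf-watchdog "ruleset state: $state"
fi
```

While the state is "waiting" or "failed", pf has no ruleset loaded and passes traffic by default, so the cron interval bounds how long the host runs unfiltered after the link comes up.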