From: Peter Jeremy
Date: Wed, 19 Jun 2002 16:57:21 +1000
Subject: IPFW rules on tunX devices
To: freebsd-stable@freebsd.org
Message-id: <20020619165721.B438@gsmx07.alcatel.com.au>

I have a situation where I want to have some ipfw rules permanently associated with tun0. In 4.5-RELEASE, I just included lines like the following in the rules file specified as firewall_type in rc.conf:

    add 11010 allow tcp from 10.2.3.4 to 10.2.3.5 keep-state in recv tun0 setup

In 4.6-RELEASE, the tun devices are created on demand and so tun0 doesn't exist when the firewall rules are added.

Other than starting ppp(8), how do I create tun0?
I thought ifconfig tun0 create would work, but that returns:

    ifconfig: SIOCIFCREATE: Invalid argument

Any suggestions?

As background: With 4.5-RELEASE, I was originally creating/deleting the rules using ppp.link{up,down}, but this meant that the dynamic rules were deleted (and hence any sessions using the PPP link were effectively destroyed) when the link dropped. Since the particular phone link was quite unreliable, this was a nuisance. By creating the rules statically, sessions became persistent - the phone dropout became a short glitch whilst it re-dialed.

Peter