Date: Wed, 19 Jun 2002 01:03:26 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Peter Jeremy <peter.jeremy@alcatel.com.au> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: IPFW rules on tunX devices Message-ID: <20020619010325.A29725@Odin.AC.HMC.Edu> In-Reply-To: <20020619165721.B438@gsmx07.alcatel.com.au>; from peter.jeremy@alcatel.com.au on Wed, Jun 19, 2002 at 04:57:21PM %2B1000 References: <20020619165721.B438@gsmx07.alcatel.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
--M9NhX3UHpAaciwkO Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jun 19, 2002 at 04:57:21PM +1000, Peter Jeremy wrote: > I have a situation where I want to have some ipfw rules permanently > associated with tun0. In 4.5-RELEASE, I just included lines like the > following in the rules file specified as firewall_type in rc.conf: > add 11010 allow tcp from 10.2.3.4 to 10.2.3.5 keep-state in recv tun0 s= etup >=20 > In 4.6-RELEASE, the tun devices are created on demand and so tun0 > doesn't exist don't exist when the firewall rules are added. Other > than starting ppp(8), how do I create tun0? I thought > ifconfig tun0 create > would work, but that returns: > ifconfig: SIOCIFCREATE: Invalid argument >=20 > Any suggestions? I was able to hack around this for someone by placing an entry in /etc/rc.early to open the tun0 device so the interface would be created. The disgusting hack I used was a staticly linked binary which opened /dev/tun0. On current the following signficantly less gross shell works: echo "" >> /dev/tun0 I don't know if this works on stable though. I'm sure there's a better solution, but I've never claimed to be a shell hacker. :-) IMO, the long term solution it to fix the tun(4) driver to use interface cloning like gif(4) so you can do "ifconfig tun0 create" as necessicary. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --M9NhX3UHpAaciwkO Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9EDrNXY6L6fI4GtQRAkw2AKCsN6wWrRp8HOa9uBBcjrux435l9wCeOOD4 X79kj+IiAINlnsQVqbsCBlk= =F+c7 -----END PGP SIGNATURE----- --M9NhX3UHpAaciwkO-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020619010325.A29725>