Date: Thu, 7 Sep 2006 17:42:47 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, KES <kes-kes@yandex.ru>
Subject: Re: pf fails to start
Message-ID: <200609071742.53209.max@love2party.net>
In-Reply-To: <922498059.20060907160002@yandex.ru>
References: <922498059.20060907160002@yandex.ru>
On Thursday 07 September 2006 15:00, KES wrote:
> pf fails to start if interface doesn't exist or IP address not assigned

There are a couple of gotchas in this area, but most of them can be worked
around.

1) "set loginterface tun0"

Generally, there is no need for "set loginterface" anymore as we collect
statistics for all interfaces by default (see "pfctl -vvvs Interfaces").

2) "altq on tun0 ..."

This one can't be worked around directly due to the way ALTQ is implemented,
but see below.

3) "... from tun0 ..." or "... to tun0 ..." in filter rules, "-> tun0" in nat
rules

This can easily be solved by using "(tun0)" in these rules. This assures two
things: firstly, it allows loading the rule w/o tun0 existing; secondly, it
tracks address changes on the interface. Note that due to some unclear ppp
bug it might be necessary to use "(tun0:0)" instead.

A general solution for ppp devices is the use of the "ppp.linkup" script. All
ppp clients I'm aware of support it in one way or another. This script is
executed just after the link is up and IP addresses are configured - usually
before data is accepted from the device.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
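
The rule forms from point 3 and the ppp.linkup hook described in the message above, as an added example that is not part of the original e-mail. The 192.168.0.0/24 LAN, the ssh rule, the file paths and the pfctl reload in ppp.linkup are assumptions chosen for illustration.

```conf
# ---- /etc/pf.conf (assumed path) ------------------------------------
# Forms that depend on tun0 already existing with an address when the
# ruleset is loaded (point 3 of the message); shown commented out:
#
#   nat on tun0 from 192.168.0.0/24 to any -> tun0
#   pass in on tun0 inet proto tcp from any to tun0 port 22 keep state
#
# Parenthesised forms: the ruleset loads without tun0 being present, and
# pf follows address changes on the interface.
nat on tun0 from 192.168.0.0/24 to any -> (tun0)
pass in on tun0 inet proto tcp from any to (tun0) port 22 keep state

# Variant from the message, only if the plain form misbehaves with ppp:
#   nat on tun0 from 192.168.0.0/24 to any -> (tun0:0)

# "set loginterface tun0" is left out (point 1); per-interface counters
# are available through:  pfctl -vvvs Interfaces

# ---- /etc/ppp/ppp.linkup (assumed path, FreeBSD ppp(8)) ---------------
# Run once the link is up and addresses are configured. Reloading the
# ruleset at this point is an assumption about how the hook would be
# used, e.g. for a ruleset that also carries "altq on tun0" (point 2),
# which needs the interface to exist.
MYADDR:
 !bg /sbin/pfctl -f /etc/pf.conf
```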
