Date: Thu, 7 Sep 2006 17:42:47 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org, KES <kes-kes@yandex.ru>
Subject: Re: pf fails to start
Message-ID: <200609071742.53209.max@love2party.net>
In-Reply-To: <922498059.20060907160002@yandex.ru>
References: <922498059.20060907160002@yandex.ru>

On Thursday 07 September 2006 15:00, KES wrote:
> pf fails to start if interface doesn't exist or IP address not assigned

There are a couple of gotchas in this area, but most of them can be worked
around.

1) "set loginterface tun0"
Generally, there is no need for "set loginterface" anymore as we collect
statistics for all interfaces by default (see "pfctl -vvvs Interfaces").

2) "altq on tun0 ..."
This one can't be worked around directly due to the way ALTQ is
implemented, but see below.

3) "... from tun0 ..." or "... to tun0 ..." in filter rules, "-> tun0" in
nat rules
This can easily be solved by using "(tun0)" in these rules. This assures
two things: firstly, it allows loading the rule w/o tun0 existing;
secondly, it tracks address changes on the interface. Note that due to
some unclear ppp bug it might be necessary to use "(tun0:0)" instead.

A general solution for ppp devices is the use of the "ppp.linkup" script.
All ppp clients I'm aware of support it in one way or another. This
script is executed just after the link is up and IP addresses are
configured - usually before data is accepted from the device.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
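
Added example, not part of the original message: a small Python check that scans a pf.conf for the three load-time dependencies on a dynamic interface listed above, so they can be fixed before pf fails to start at boot. The sample ruleset, the `lint` function and its `dynamic_ifs` parameter are constructed for illustration, and the matching is a regex heuristic rather than a full pf.conf parser.

```python
import re

# Constructed sample ruleset for illustration (not from the original message).
SAMPLE = '''\
ext_if = "tun0"
set loginterface $ext_if
altq on $ext_if cbq bandwidth 512Kb queue { std }
nat on $ext_if from 192.168.0.0/24 to any -> $ext_if
pass in on $ext_if proto tcp from any to ($ext_if) port 22
pass out on $ext_if from (tun0:0) to any keep state
'''

# Advice per finding, paraphrased from the message above.
HINTS = {
    "loginterface": 'drop it; see "pfctl -vvvs Interfaces"',
    "altq": "no direct workaround; load after link-up via ppp.linkup",
    "bare-address": 'write "(if)" so the rule loads and tracks address changes',
}
MACRO = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')

def lint(conf, dynamic_ifs=("tun0",)):
    """Return (lineno, kind, hint) for each place the ruleset needs a
    dynamic interface to exist at load time. Heuristic, not a pf parser."""
    ifs = "|".join(re.escape(i) for i in dynamic_ifs)
    checks = [
        ("loginterface", re.compile(rf'^\s*set\s+loginterface\s+(?:{ifs})\b')),
        ("altq", re.compile(rf'^\s*altq\s+on\s+(?:{ifs})\b')),
        # Bare interface in an address position; "(tun0)" is skipped
        # because the opening paren sits between the keyword and the name.
        ("bare-address", re.compile(rf'(?:\b(?:from|to)|->)\s+!?\s*(?:{ifs})\b')),
    ]
    macros, findings = {}, []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0]            # strip comments
        m = MACRO.match(line)
        if m:                                   # remember simple quoted macros
            macros[m.group(1)] = m.group(2)
            continue
        # Expand $macro references so "$ext_if" is checked as "tun0".
        line = re.sub(r'\$(\w+)', lambda r: macros.get(r.group(1), r.group(0)), line)
        for kind, rx in checks:
            if rx.search(line):
                findings.append((lineno, kind, HINTS[kind]))
    return findings

if __name__ == "__main__":
    for lineno, kind, hint in lint(SAMPLE):
        print(f"line {lineno}: {kind}: {hint}")
```

Rules that only name the interface after "on", or that already use "(tun0)" or "(tun0:0)", are not reported.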