Date: Wed, 7 May 2008 21:47:49 +0100
From: RW
To: freebsd-questions@freebsd.org
Subject: Re: Delaying pf.conf loading

On Thu, 8 May 2008 01:21:22 +0800
"Justin Jereza" wrote:

> Hello.
>
> Is it possible to delay the loading of pf rules from pf.conf after ppp
> has connected and named is running through rc.conf?

What you probably need is to do a "pf resync"; rc.d/ppp already does
this, but too early for named. Doing it after named is running is
probably not sufficient as there is no guarantee that ppp has
established a network connection.
I wrote a script that waits until it can ping external hosts, and then
does a resync:

#!/bin/sh
#
# PROVIDE: networkwait
# REQUIRE: named
# BEFORE: ntpdate

. /etc/rc.subr

networkwait_enable=${networkwait_enable:-"NO"}
name="networkwait"
rcvar=`set_rcvar`
stop_cmd=":"
start_cmd="wait_network"

wait_network(){
   if [ "$networkwait_ping_hosts" ] ; then
      host_list="${networkwait_ping_hosts}"
   else
      # No hosts supplied - use external nameservers
      host_list=`awk '/^ *nameserver/ {print $2}' < /etc/resolv.conf | grep -E -v '^127\.0+\.0+\.0*1'`
   fi
   echo -n "Waiting for network access ... "
   while true ; do
      for inet_host in $host_list ; do
         # Discard both stdout and stderr from ping
         if ping -nc1 "$inet_host" > /dev/null 2>&1 ; then
            echo "ping to ${inet_host} succeeded."
            # Re-Sync ipfilter and pf in case
            # they had failed DNS lookups
            /etc/rc.d/ipfilter resync
            /etc/rc.d/pf resync
            exit 0
         fi
      done
      sleep 5
   done
}

load_rc_config ${name}
run_rc_command "$1"
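
Added example, not part of the original post: the script's `while true` loop never returns if no host ever answers, so this variant of the same wait logic gives up after a fixed number of rounds. The function names and the PROBE override variable are hypothetical; the default probe is the same `ping -nc1` call the script uses.

```sh
#!/bin/sh
# Bounded variant of the wait loop from the script above (added example).
# PROBE is a hypothetical hook: name of a command to use instead of ping,
# so the retry logic can be exercised without network access.

# Print the non-loopback nameservers from a resolv.conf-style file,
# using the same awk/grep filter as the original script.
external_nameservers() {
    awk '/^ *nameserver/ {print $2}' "$1" | grep -E -v '^127\.0+\.0+\.0*1'
}

# Return 0 if the host answers one probe, non-zero otherwise.
probe_host() {
    if [ -n "$PROBE" ]; then
        "$PROBE" "$1"
    else
        ping -nc1 "$1" > /dev/null 2>&1
    fi
}

# wait_network_bounded MAX_TRIES DELAY HOST...
# Prints the first host that answers and returns 0.
# Returns 1 once MAX_TRIES full rounds over the host list have failed.
wait_network_bounded() {
    max_tries=$1
    delay=$2
    shift 2
    try=0
    while [ "$try" -lt "$max_tries" ]; do
        for inet_host in "$@"; do
            if probe_host "$inet_host"; then
                echo "$inet_host"
                return 0
            fi
        done
        try=$((try + 1))
        # Sleep only between rounds, not after the final failure
        if [ "$try" -lt "$max_tries" ]; then
            sleep "$delay"
        fi
    done
    return 1
}
```

On success the caller would run the two resync commands from the script above; on failure it can log the timeout and let the boot continue with whatever ruleset is loaded.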