From owner-freebsd-stable@FreeBSD.ORG Sun Jan 28 16:36:49 2007 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 98BAC16A401 for ; Sun, 28 Jan 2007 16:36:49 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from frontmail.ipactive.de (frontmail.maindns.de [85.214.95.103]) by mx1.freebsd.org (Postfix) with ESMTP id 56ECD13C48D for ; Sun, 28 Jan 2007 16:36:46 +0000 (UTC) (envelope-from volker@vwsoft.com) Received: from mail.vtec.ipme.de (unknown [89.53.125.132]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by frontmail.ipactive.de (Postfix) with ESMTP id 6CBF712882A for ; Sun, 28 Jan 2007 17:36:40 +0100 (CET) Received: from [192.168.18.3] (unknown [192.168.18.3]) by mail.vtec.ipme.de (Postfix) with ESMTP id 5E67A2E56B; Sun, 28 Jan 2007 17:36:30 +0100 (CET) Message-ID: <45BCD10E.1070108@vwsoft.com> Date: Sun, 28 Jan 2007 17:36:30 +0100 From: Volker User-Agent: Thunderbird 1.5.0.9 (X11/20070119) MIME-Version: 1.0 To: Alexey Karagodov References: <45BC9E03.6020506@vwsoft.com> In-Reply-To: X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-VWSoft-MailScanner: Found to be clean X-MailScanner-From: volker@vwsoft.com X-ipactive-MailScanner-Information: Please contact the ISP for more information X-ipactive-MailScanner: Found to be clean X-ipactive-MailScanner-From: volker@vwsoft.com Cc: freebsd-stable@freebsd.org, Pete French Subject: Re: impossible rc.d ordering problem with stf and pf ? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Jan 2007 16:36:49 -0000 On 01/28/07 16:40, Alexey Karagodov wrote: > 2007/1/28, Volker >: > I've played with that problems a few times. It's not a perfect > solution, but you may create your own pf loading script and place it > in /usr/local/etc/rc.d/. To make sure it's running late in startup, > use a proper # REQUIRE: line. > > That way (and that what makes me saying it's not perfect) pf load > script /etc/rc.d/pf is being run but aborts loading pf rules in > first place and later (when rc is working though > /usr/local/etc/rc.d/) pf rules are loaded by your custom script. > > or just make a symlink from /etc/rc.d/pf to /usr/local/etc/rc.d/pf > i solved this way problem with FQDN in pf rules Alexey, yes, I also did it using a simple symlink in the past but reading stable@ (or has it been hackers@?) it is planned (or already implemented?) to respect the rcorder for /etc/rc.d/ _and_ /usr/local/etc/rc.d/ in one go. That means the rcorder is being calculated for both directories in one step. I suspect when just symlinking an rc-script from /etc/rc.d/ this might lead into the script being executed two times in a row. I might be wrong on this but your suggestion is using a side effect which might not work with all versions. Greetings, Volker