From owner-freebsd-pf@FreeBSD.ORG Thu Sep 7 19:35:23 2006 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B4B6816A52E for ; Thu, 7 Sep 2006 19:35:23 +0000 (UTC) (envelope-from eculp@bafirst.com) Received: from bafirst.com (72-12-2-214.wan.networktel.net [72.12.2.214]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37B7743E45 for ; Thu, 7 Sep 2006 19:34:15 +0000 (GMT) (envelope-from eculp@bafirst.com) Received: from localhost (localhost [127.0.0.1]) (uid 80) by bafirst.com with local; Thu, 07 Sep 2006 14:34:15 -0500 id 00095801.45007437.0000691E Received: from dsl-189-129-2-76.prod-infinitum.com.mx (dsl-189-129-2-76.prod-infinitum.com.mx [189.129.2.76]) by mail.bafirst.com (Horde MIME library) with HTTP; Thu, 07 Sep 2006 14:34:15 -0500 Message-ID: <20060907143415.scknj7rgo40k8k0w@mail.bafirst.com> Date: Thu, 07 Sep 2006 14:34:15 -0500 From: eculp@bafirst.com To: freebsd-pf@freebsd.org References: <922498059.20060907160002@yandex.ru> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) 4.1-cvs Subject: Re: pf fails to start X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Sep 2006 19:35:23 -0000 Quoting Scott Ullrich : > On 9/7/06, KES wrote: >> Hello >> >> pf fails to start if interface doesnt exist or IP address not assigned >> >> I have trobles with tun0 (pppeo connection) >> >> Look at next picture: >> >> 1) power fail, >> 2) FreeBSD starting, >> 3) do pppoe connection to provider >> 3.a) pppoe fail (ISP has some problem) >> 4) pf starts and fails =(( >> 5) FreeBSD fall to infinit loop (I have wait 15minutes and then pressCTRL+C) >> >> Copy of console messages: >> pflog promiscios >> pf enabled >> pflog: here some message (I don't remember) >> >> some experements: >> >> kes# ps ax|grep ppp >> 357 ?? Ss 0:18.88 /usr/sbin/ppp -ddial -unit1 adsl >> 373 ?? Rs 46:53.56 /usr/sbin/ppp -dedicated -quiet -unit0 leased >> 47226 p2 DL+ 0:00.00 grep ppp >> >> #KILL pppoe connection >> kes# kill -9 373 >> kes# kill -9 373 >> 373: No such process >> >> #Reload pf.conf >> kes# pfctl -f /etc/pf.conf >> no IP address found for tun0 >> /etc/pf.conf:48: could not parse host specification >> no IP address found for tun0 >> /etc/pf.conf:66: could not parse host specification >> no IP address found for tun0 >> /etc/pf.conf:100: could not parse host specification >> no IP address found for tun0 >> /etc/pf.conf:101: could not parse host specification >> pfctl: Syntax error in config file: pf rules not loaded >> >> #start pppoe >> kes# /usr/sbin/ppp -dedicated -quiet -unit0 leased >> kes# pfctl -f /etc/pf.conf >> >> #no errors here. >> kes# >> >> So I have no "Syntax error in config file" >> >> TO authur of pf: >> You must change behavior of pf like ipfw does. >> ipfw only do warning messages in situations like this. > > Please share your entire pf rules file. There are ways to work around > this. Most notably you can wrap tun0 around () and PF will silently > ignore the item until the interface is actually up and running. Whould that be "(" tun0 ")" ? Or would a simple ( tun0 ) work? Thanks, ed > > Scott > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >