Date: Wed, 14 Feb 2007 03:14:50 +0100
From: cpghost
To: freebsd-questions@freebsd.org
Message-ID: <20070214021450.GC52462@epia-2.farid-hajji.net>
Subject: pf/ppp timing problem at startup

I'm using ADSL to connect (using a static IP), and ppp(1) needs some time (a few seconds) to initialize and configure the tun(4) device. Parallel to this, pf(4) starts immediately, and doesn't recognize ext_if (tun0), which is not yet ready. As a result of this, pf shuts down again and there's no firewall.

As a workaround, I added a startup script to /usr/local/etc/rc.d which would get invoked after the system scripts, sleep a few seconds, and then run "/etc/rc.d/pf start" again. Alternatively, I could also poll for tun0 there, but it's not really worth the trouble.

Meddling with the existing /etc/rc.d startup scripts (ppp, pf) to make sure pf is only started after tun0 is up and running is not a good idea, because it would always appear in mergemaster later.

So the question is: how can I change the timing, so that pf only starts AFTER ppp has brought the interfaces up? There are some keywords (REQUIRE, BEFORE etc...) in /etc/rc.d/* files, but I'm not really sure if that would solve the problem. Perhaps there's also some pf setting that would dynamically adjust to tun0 once it appears?

Thanks,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
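
The polling alternative mentioned in the message, written out as an added example that is not part of the original post: it waits a bounded time for tun0 instead of sleeping blindly, and logs an error if pf could not be started so the missing firewall does not go unnoticed. The function names, the 30-poll limit, the "has an inet address" readiness test and the `pf-wait` log tag are assumptions.

```sh
#!/bin/sh
# Added example: bounded wait for the ppp tunnel before (re)starting pf.
# Intended for a local script under /usr/local/etc/rc.d, called with "start".
# Names and defaults below are assumptions, not taken from the post.

EXT_IF="${EXT_IF:-tun0}"              # interface that pf's ext_if refers to
TIMEOUT="${TIMEOUT:-30}"              # maximum number of polls
POLL_INTERVAL="${POLL_INTERVAL:-1}"   # seconds between polls

# Default probe: the interface exists and already has an IPv4 address.
iface_ready() {
    ifconfig "$1" 2>/dev/null | grep -q 'inet '
}

# wait_for_iface IFACE TRIES [PROBE]
# Returns 0 as soon as "PROBE IFACE" succeeds, 1 after TRIES failed polls.
wait_for_iface() {
    _if="$1"; _tries="$2"; _probe="${3:-iface_ready}"
    _n=0
    while [ "$_n" -lt "$_tries" ]; do
        if "$_probe" "$_if"; then
            return 0
        fi
        _n=$((_n + 1))
        sleep "$POLL_INTERVAL"
    done
    return 1
}

start_pf_when_ready() {
    if wait_for_iface "$EXT_IF" "$TIMEOUT"; then
        /etc/rc.d/pf start
    else
        # Make the failure visible: the host is up without a firewall.
        logger -p daemon.err -t pf-wait \
            "$EXT_IF not ready after $TIMEOUT polls; pf NOT started"
        return 1
    fi
}

# Only act when invoked as an rc.d script with "start".
case "${1:-}" in
    start) start_pf_when_ready ;;
esac
```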