Date: Thu, 17 Nov 2005 23:38:19 -0800
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: "J.D. Bronson" <jbronson@wixb.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: rcorder again..
Message-ID: <20051118073818.GA1259@flame.pc>
In-Reply-To: <7.0.0.16.2.20051117064518.01c5bd98@wixb.com>
References: <7.0.0.16.2.20051117064518.01c5bd98@wixb.com>

On 2005-11-17 06:48, "J.D. Bronson" <jbronson@wixb.com> wrote:
> Well...I was surprised that no one replied. I was trying to
> figure out why ppp-user would start BEFORE pf fired up....
>
> It appears easy enough to change, but it's untested:
>
> Edit /etc/rc.d/ppp-user:
>
> # $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $
> #
>
> # PROVIDE: ppp-user
> # REQUIRE: netif isdnd pf <--- add pf
> # KEYWORD: nojail
>
> =============================
>
> Then rcorder shows things BETTER:
>
> /etc/rc.d/netif
> /etc/rc.d/pfsync
> /etc/rc.d/pflog
> /etc/rc.d/pf
> /etc/rc.d/isdnd
> /etc/rc.d/ppp-user
>
> my only concern might be that tun0 is not created until
> ppp-user launches (correct me if I am wrong) and pf might have
> an issue with an interface that doesn't yet exist. Under
> OpenBSD, tun0 is there before ppp even starts. Wouldn't we WANT
> pf to be active prior to ppp launching (like in openbsd?)
>
> Can someone kindly comment on this please?

You can always copy /etc/rc.d/pf to a new script, say "pfboot", and
have it load a predefined rule-set, i.e.:

    set skip on lo0
    block in all
    block out all

You can probably copy the default ruleset that OpenBSD uses too :)

With dependencies in /etc/rc.d/pfboot like these:

    # PROVIDE: pfboot
    # REQUIRE: root mountcritlocal pflog pfsync
    # BEFORE: netif
    # KEYWORD: nojail

you can probably get it to work exactly like you mention above
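
As an added illustration (not part of the original message, and not rcorder itself), this Python sketch reads PROVIDE/REQUIRE/BEFORE headers and reports whether one script is actually forced to start before another, or whether the headers form a loop. The header texts in SCRIPTS are constructed and simplified, and the function names are hypothetical; a real check would read the files under /etc/rc.d.

```python
import re
from graphlib import CycleError, TopologicalSorter

# Constructed, simplified headers modelled on the ones quoted in this thread.
SCRIPTS = {
    "pfsync": "# PROVIDE: pfsync\n# REQUIRE: root mountcritlocal\n",
    "pflog": "# PROVIDE: pflog\n# REQUIRE: root mountcritlocal\n",
    "pfboot": "# PROVIDE: pfboot\n# REQUIRE: root mountcritlocal pflog pfsync\n"
              "# BEFORE: netif\n# KEYWORD: nojail\n",
    "netif": "# PROVIDE: netif\n",
    "pf": "# PROVIDE: pf\n# REQUIRE: netif pflog pfsync\n",
    "ppp-user": "# PROVIDE: ppp-user\n# REQUIRE: netif isdnd pf\n# KEYWORD: nojail\n",
}
HEADER = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

def prereq_graph(scripts):
    """Map each script name to the set of scripts that must start before it."""
    tags = {name: {"PROVIDE": [], "REQUIRE": [], "BEFORE": []} for name in scripts}
    for name, text in scripts.items():
        for key, value in HEADER.findall(text):
            tags[name][key] += value.split()
    provider = {p: name for name, t in tags.items() for p in t["PROVIDE"]}
    graph = {name: set() for name in scripts}
    for name, t in tags.items():
        for req in t["REQUIRE"]:
            if req in provider:          # names nobody provides are skipped here
                graph[name].add(provider[req])
        for later in t["BEFORE"]:        # BEFORE: we become their prerequisite
            if later in provider:
                graph[provider[later]].add(name)
    return graph

def ordering_problem(scripts, first, second):
    """Return None when `first` is forced to start before `second`, else a reason."""
    graph = prereq_graph(scripts)
    try:
        TopologicalSorter(graph).prepare()   # raises CycleError on a loop
    except CycleError as exc:
        return "dependency loop: " + " -> ".join(exc.args[1])
    seen, todo = set(), [second]
    while todo:                              # walk everything `second` waits for
        for dep in graph[todo.pop()] - seen:
            seen.add(dep)
            todo.append(dep)
    return None if first in seen else f"nothing forces {first} before {second}"

if __name__ == "__main__":
    for pair in (("pfboot", "netif"), ("pf", "ppp-user")):
        print(pair, ordering_problem(SCRIPTS, *pair) or "ok")
```

The check follows dependency paths rather than one sorted listing, so it distinguishes an order that is enforced by the headers from one that merely happens to come out that way.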