Date: Thu, 07 Sep 2006 14:34:15 -0500 From: eculp@bafirst.com To: freebsd-pf@freebsd.org Subject: Re: pf fails to start Message-ID: <20060907143415.scknj7rgo40k8k0w@mail.bafirst.com> In-Reply-To: <d5992baf0609070844i24006d7vc71d7e0a2bd80fa6@mail.gmail.com> References: <922498059.20060907160002@yandex.ru> <d5992baf0609070844i24006d7vc71d7e0a2bd80fa6@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Scott Ullrich <sullrich@gmail.com>:
> On 9/7/06, KES <kes-kes@yandex.ru> wrote:
>> Hello
>>
>> pf fails to start if interface doesnt exist or IP address not assigned
>>
>> I have trobles with tun0 (pppeo connection)
>>
>> Look at next picture:
>>
>> 1) power fail,
>> 2) FreeBSD starting,
>> 3) do pppoe connection to provider
>> 3.a) pppoe fail (ISP has some problem)
>> 4) pf starts and fails =((
>> 5) FreeBSD fall to infinit loop (I have wait 15minutes and then pressCTRL+C)
>>
>> Copy of console messages:
>> pflog promiscios
>> pf enabled
>> pflog: here some message (I don't remember)
>>
>> some experements:
>>
>> kes# ps ax|grep ppp
>> 357 ?? Ss 0:18.88 /usr/sbin/ppp -ddial -unit1 adsl
>> 373 ?? Rs 46:53.56 /usr/sbin/ppp -dedicated -quiet -unit0 leased
>> 47226 p2 DL+ 0:00.00 grep ppp
>>
>> #KILL pppoe connection
>> kes# kill -9 373
>> kes# kill -9 373
>> 373: No such process
>>
>> #Reload pf.conf
>> kes# pfctl -f /etc/pf.conf
>> no IP address found for tun0
>> /etc/pf.conf:48: could not parse host specification
>> no IP address found for tun0
>> /etc/pf.conf:66: could not parse host specification
>> no IP address found for tun0
>> /etc/pf.conf:100: could not parse host specification
>> no IP address found for tun0
>> /etc/pf.conf:101: could not parse host specification
>> pfctl: Syntax error in config file: pf rules not loaded
>>
>> #start pppoe
>> kes# /usr/sbin/ppp -dedicated -quiet -unit0 leased
>> kes# pfctl -f /etc/pf.conf
>>
>> #no errors here.
>> kes#
>>
>> So I have no "Syntax error in config file"
>>
>> TO authur of pf:
>> You must change behavior of pf like ipfw does.
>> ipfw only do warning messages in situations like this.
>
> Please share your entire pf rules file. There are ways to work around
> this. Most notably you can wrap tun0 around () and PF will silently
> ignore the item until the interface is actually up and running.
Whould that be "(" tun0 ")" ? Or would a simple ( tun0 ) work?
Thanks,
ed
>
> Scott
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060907143415.scknj7rgo40k8k0w>