Date:      Mon, 29 Jan 2007 17:23:41 +0100
From:      Max Laier <max@love2party.net>
To:        Pete French <petefrench@ticketswitch.com>
Cc:        bms@freebsd.org, freebsd-stable@freebsd.org, rcoleman@criticalmagic.com
Subject:   Re: impossible rc.d ordering problem with stf and pf ?
Message-ID:  <200701291723.52074.max@love2party.net>
In-Reply-To: <E1HBVDo-0008WW-Fe@dilbert.ticketswitch.com>
References:  <E1HBVDo-0008WW-Fe@dilbert.ticketswitch.com>

On Monday 29 January 2007 13:02, Pete French wrote:
> > 1) You use the interface name as address w/o dynamic lookup.
> > i.e. "... from stf0 ..."
>
> Yes, that's it - I hadn't come across this 'dynamic lookup' thing before
> though, so I didn't realise what it was. I still can't find it in the PF
> manual, aside from a reference that you need to do it for NAT.
>
> > To 1 and 2 there is a simple solution: Don't do that then!  1 can
> > easily be defused by adding parentheses. i.e. "... from (stf0)
> > ...".
>
> 	pass out on (stf0) inet6 from any to any keep state

No, that's a misunderstanding.  The "on ifnX" part stays untouched.

> Gives me a syntax error when I try and load it with pfctl. If I change
> it to:
>
> 	pass out on stf0 inet6 from any to any keep state
>
> Then it works loading it with pfctl, but now does not work at boot due
> to the lack of stf0 interface. :-(

That's strange.  Works here without a problem:

# ifconfig -l
fxp0 bge0 bge1 lo0 pflog0

No stf0 interface.

# echo "pass out on stf0 inet6 from any to any keep state" | pfctl -vf-
pass out on stf0 inet6 all keep state

Still, rule loaded without problems ...

The "(ifnX)" syntax is only for places where you use the interface as an 
address.  The "on ifnX" part stays unchanged in any case and it does not 
matter if the interface exists already or not.

What version are you using again?  My tests are with 6.2

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
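
The distinction drawn in this message, as an added example that is not part of the original e-mail: a small Python check that flags interface names used as addresses without parentheses and leaves the "on ifnX" position alone. The interface-name pattern, the function name and the sample rules are assumptions constructed for illustration, and macros are not expanded.

```python
import re

# Assumption: an interface name is letters plus a unit number (stf0, fxp0),
# optionally followed by pf address modifiers. Hostnames of that shape match too.
IFADDR = re.compile(r"^!?[a-z]+[0-9]+(:(network|broadcast|peer|0))*$")
ADDR_KEYWORDS = {"from", "to"}

# Constructed sample ruleset, not taken from the thread.
SAMPLE = """\
pass out on stf0 inet6 from any to any keep state
pass out on stf0 inet6 from stf0 to any keep state
pass out on stf0 inet6 from (stf0) to any keep state
pass in on fxp0 inet from { fxp0:network, 192.0.2.1 } to (fxp0)  # list form
block in on bge0 inet6 from fe80::1 to any
"""

def bare_interface_addresses(ruleset):
    """Return (line_no, keyword, token) for each interface name used as an
    address without parentheses. The "on ifnX" position is never flagged."""
    findings = []
    for line_no, line in enumerate(ruleset.splitlines(), start=1):
        rule = line.split("#", 1)[0]                      # drop comments
        tokens = re.sub(r"([{},])", r" \1 ", rule).split()
        i = 0
        while i < len(tokens):
            if tokens[i] in ADDR_KEYWORDS and i + 1 < len(tokens):
                keyword = tokens[i]
                i += 1
                if tokens[i] == "{":                      # address list
                    candidates = []
                    i += 1
                    while i < len(tokens) and tokens[i] != "}":
                        if tokens[i] != ",":
                            candidates.append(tokens[i])
                        i += 1
                else:
                    candidates = [tokens[i]]
                for tok in candidates:
                    if IFADDR.match(tok):
                        findings.append((line_no, keyword, tok))
            i += 1
    return findings

if __name__ == "__main__":
    for line_no, keyword, tok in bare_interface_addresses(SAMPLE):
        print(f"line {line_no}: '{keyword} {tok}' is resolved once at load "
              f"time; use '({tok})' for dynamic lookup")
```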
