Date: Mon, 29 Jan 2007 17:23:41 +0100 From: Max Laier <max@love2party.net> To: Pete French <petefrench@ticketswitch.com> Cc: bms@freebsd.org, freebsd-stable@freebsd.org, rcoleman@criticalmagic.com Subject: Re: impossible rc.d ordering problem with stf and pf ? Message-ID: <200701291723.52074.max@love2party.net> In-Reply-To: <E1HBVDo-0008WW-Fe@dilbert.ticketswitch.com> References: <E1HBVDo-0008WW-Fe@dilbert.ticketswitch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2993517.5KRqd8aUqD Content-Type: text/plain; charset="iso-8859-6" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 29 January 2007 13:02, Pete French wrote: > > 1) You use the interface name as address w/o dynamic lookup. > > i.e. "... from stf0 ..." > > Yes, thats it - I hadn't come across this 'dynamic lookup' thing before > though, so I didn't realise what it was. I still cant find it in the PF > manual, aside from a reference that you need to do it for NAT. > > > To 1 and 2 there is a simple sollution: Don't do that then! 1 can > > easily=3D20 be defused by adding parentheses. i.e. "... from (stf0) > > ...". > > pass out on (stf0) inet6 from any to any keep state No, that's a misunderstanding. The "on ifnX" part stays untouched. > Gives me a syntax error when I try and load it with pfctl. If I change > it to: > > pass out on stf0 inet6 from any to any keep state > > Then it works loading it with pfctl, but now does not work at boot due > to the lack of stf0 interface. :-( That's strange. Works here without a problem: # ifconfig -l fxp0 bge0 bge1 lo0 pflog0 No stf0 interface. # echo "pass out on stf0 inet6 from any to any keep state" | pfctl -vf- pass out on stf0 inet6 all keep state Still, rule loaded without problems ... The "(ifnX)" syntax is only for places where you use the interface as an=20 address. The "on ifnX" part stays unchanged in any case and it does not=20 matter if the interface exists already or not. What version are you using again? My tests are with 6.2 =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2993517.5KRqd8aUqD Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQBFvh+YXyyEoT62BG0RAjg/AJwLBiMSJABudU1HKYPYTb+VaKChiwCgghlm s8JJOSme8bsYsnDhBbVSblA= =Y9VW -----END PGP SIGNATURE----- --nextPart2993517.5KRqd8aUqD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701291723.52074.max>