On Sunday 06 June 2004 12:46, Jonathan Weiss wrote:
> Hi folks,
>
> I updated my 5.2.1 box to current today and changed from the PF-port to the
> new base-PF. Everything went fine, but when I rebooted the box, it hangs
> when samba was starting up. The problem was, that samba could not bind to
> its ports due to the default pf ruleset being loaded (only ssh-in is
> allowed).
>
> The problem originates in the fact, that I have a DSL modem and pppd
> connects on startup. Because I get only a dynamic IP, I use such statements
> in my ruleset:
>
>   pass in on $tun_if inet proto tcp from any to ($tun_if) port 22 flags
> S/SA modulate state label
>
> The ($tun_if) gives me the current IP of the tun0-interface and this is
> often used by users with dynamic IPs.
>
> The problem is, that ppp is not fast enough for PF. PF is starting up
> before ppp gets an IP for tun0, so loading the ruleset fails. While using
> the PF-port, the time lag between starting ppp and PF was big enough, as PF
> was started with the other third-party tools. With PF now in the
> basesystem, it is too fast for ppp.
>
> Inserting a "sleep 10" in the pf_start()-function in /etc/rc.d/pf solved my
> problem, as PF waits 10 seconds before loading the ruleset and ppp now gets
> the dynamic IP in time.
>
> Could we add the "sleep 10" or maybe a "sleep 5" in this function? I'm sure
> when current becomes 5.3 I'll not be alone with my problem.

This problem will be solved once we import pf from OpenBSD 3.5 with the new
interface handling. For ppp I suggest loading the ruleset from ppp.linkup
instead of using the rc.d script for now.

Test the 3.5 import with the patchset from: http://people.freebsd.org/~mlaier/

Thanks ;)

-- 
Best regards,                      | mlaier_at_freebsd.org
Max Laier                          | ICQ #67774661
http://pf4freebsd.love2party.net/  | mlaier_at_EFnet
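
An added example, not part of the original message or of FreeBSD's rc.d/pf script: instead of a fixed "sleep 10", poll the interface for an IPv4 address with a timeout and load the ruleset only once it is there. The function names and the IFCONFIG/PFCTL override variables are assumptions made for this sketch; "pfctl -n -f" parses the ruleset without loading it.

```sh
#!/bin/sh
# Bounded wait for a dynamic address before loading pf rules (added example).
# IFCONFIG and PFCTL are hypothetical overrides so the logic can be run
# without root; they default to the real tools.
IFCONFIG=${IFCONFIG:-/sbin/ifconfig}
PFCTL=${PFCTL:-/sbin/pfctl}

# has_inet_addr IFNAME: succeed only if the interface has an IPv4 address.
# "inet " with a trailing space does not match "inet6" lines.
has_inet_addr() {
    $IFCONFIG "$1" 2>/dev/null | grep -q '^[[:space:]]*inet '
}

# wait_for_inet_addr IFNAME TIMEOUT: poll once per second, at most TIMEOUT s.
wait_for_inet_addr() {
    _if=$1
    _left=$2
    while ! has_inet_addr "$_if"; do
        [ "$_left" -gt 0 ] || return 1
        sleep 1
        _left=$((_left - 1))
    done
    return 0
}

# load_pf_rules IFNAME TIMEOUT RULES: syntax-check, then load, the ruleset
# once ($IFNAME) can be resolved. On timeout the ruleset already in the
# kernel (the restrictive default in the report above) stays in place.
load_pf_rules() {
    if wait_for_inet_addr "$1" "$2"; then
        $PFCTL -n -f "$3" && $PFCTL -f "$3"
    else
        echo "pf: $1 has no IPv4 address after ${2}s; ruleset not loaded" >&2
        return 1
    fi
}
```

Called as "load_pf_rules tun0 30 /etc/pf.conf", this returns as soon as ppp has negotiated an address and fails visibly if it never does.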