Re: Ordering for network-sensitive rc scripts

From: Fabian Keil <freebsd-listen_at_fabiankeil.de>
Date: Mon, 12 May 2014 11:50:54 +0200

David Chisnall <theraven_at_FreeBSD.org> wrote:

> On 11 May 2014, at 20:23, Adrian Chadd <adrian_at_freebsd.org> wrote:
> 
> > On 11 May 2014 12:01, David Chisnall <theraven_at_freebsd.org> wrote:
> >> On 17 Apr 2014, at 09:30, Adrian Chadd <adrian_at_FreeBSD.org> wrote:
> >> 
> >>> Can't we add a devd hook to do that?
> >> 
> >> I tried doing this, but it turns out that wlan devices don't appear to send devd LINK_UP / LINK_DOWN events.  It would be nice to have a clean solution to this.  By default, using the stock rc scripts, my router is currently not able to forward packets from the WiFi until I've logged into it and manually run 'service pf restart', which is a bit crazy.  I've hacked around it by having a script run from rc.local that sleeps for 60 seconds and then restarts a few things, but that's really, really ugly.
> >> 
> >> On closer inspection, pf doesn't fail silently, it complains about a syntax error in my config file because wlan0 is not a known interface.
> >> 
> >> We therefore have an rc ordering problem if you want to use pf and WiFi at the same time.  This problem was introduced some time between 9.2 and 10.0.
> > 
> > Is there a PR for this? It's the first I've heard of it.
> 
> Not yet.  This is the result of my investigations as of 10 minutes ago.  I'll file a PR, if no one can tell me I'm doing something obviously wrong...

I'm not saying that you did something wrong or shouldn't file a PR,
but on my laptop (11-CURRENT) pf works as expected without service
restarts.

The relevant configuration excerpt:

ext_if  = "wlan0"
int_if  = "bge0"
jail_if = "lo1"
[...]
nat pass on $ext_if from  $int_if:network to any -> $ext_if
nat on $ext_if from $jail_if:network to any -> $ext_if

wlan0 is a wlandev on iwn0.

I'm usually using static IP addresses, but it worked with dynamic
IP addresses (and ext_if and int_if reversed) in the past.

Fabian

Received on Mon May 12 2014 - 07:52:45 UTC