On 18/08/2015 14:18, wishmaster wrote: > --- Original message --- > From: "Andriy Gapon" <a...@freebsd.org> > Date: 18 August 2015, 14:05:15 > > >> I have the following rule in pf.conf: >> set skip on tap >> and even the following one: >> set skip on tap0 >> >> The rules are loaded at the system start-up time, but the tap interface >> may not be created until much later. When tap0 is first created the >> skip rules are not applied to it and the traffic gets filtered. If I >> reload the pf configuration, then the rules start working. >> >> Is there a way to make pf honor such rules for the dynamic interfaces?Hi, > > You should do it in your application, e.g. in mpd this is something like below > > set iface up-script /usr/local/etc/mpd5/link_up.sh > set iface down-script /usr/local/etc/mpd5/link_down.sh > > in openvpn - see manuals.
That's a good suggestion. But how to add a single rule for pf? Reloading the whole configuration is disruptive to existing connections. -- Andriy Gapon _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
