On Thursday 07 September 2006 15:00, KES wrote:
> pf fails to start if interface doesn't exist or IP address not assigned

There are a couple of gotchas in this area, but most of them can be worked around.

1) "set loginterface tun0"
   Generally, there is no need for "set loginterface" anymore as we collect statistics for all interfaces by default (see "pfctl -vvvs Interfaces").

2) "altq on tun0 ..."
   This one can't be worked around directly due to the way ALTQ is implemented, but see below.

3) "... from tun0 ..." or "... to tun0 ..." in filter rules, "-> tun0" in nat rules
   This can easily be solved by using "(tun0)" in these rules. This assures two things: firstly, it allows loading the rule w/o tun0 existing; secondly, it tracks address changes on the interface. Note that due to some unclear ppp bug it might be necessary to use "(tun0:0)" instead.

A general solution for ppp devices is the use of the "ppp.linkup" script. All ppp clients I'm aware of support it in one way or another. This script is executed just after the link is up and IP addresses are configured - usually before data is accepted from the device.

-- 
Best regards,
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/
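
An added example, not part of the original message and not pf's own code: a small check that scans a pf.conf for the three interface-dependent constructs listed in the reply and reports the advice given for each. The function name, the regular expressions and the sample ruleset are constructed for illustration, and the matching is a simplification, not a full pf.conf parser.

```python
import re

# Constructed sample pf.conf; tun0 is the ppp interface from the message.
SAMPLE = """\
set loginterface tun0
altq on tun0 cbq bandwidth 512Kb queue { std }
nat on tun0 from 192.168.0.0/24 to any -> tun0
pass in on tun0 proto tcp from any to tun0 port 22
pass out on tun0 from (tun0) to any
"""

IFACE = r"([a-z]+\d+(?::\w+)?)"
# Bare interface name used as an address: "from X", "to X", "-> X".
# "(X)" does not match, and neither does "on X".
ADDR_REF = re.compile(r"(?:(?<![\w-])(?:from|to)|->)\s+" + IFACE + r"(?=[\s,]|$)")
ALTQ_REF = re.compile(r"^\s*altq\s+on\s+" + IFACE)
LOGIF_REF = re.compile(r"^\s*set\s+loginterface\s+" + IFACE)


def lint_pf_conf(text, dynamic_ifaces=("tun0",)):
    """Return (line_no, kind, advice) for rules that need the interface at load time."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # ignore comments
        m = LOGIF_REF.search(line)
        if m and m.group(1) in dynamic_ifaces:
            findings.append((no, "loginterface", "drop it; see pfctl -vvvs Interfaces"))
        m = ALTQ_REF.search(line)
        if m and m.group(1) in dynamic_ifaces:
            findings.append((no, "altq", "no direct workaround; load after link-up (ppp.linkup)"))
        for m in ADDR_REF.finditer(line):
            name = m.group(1)
            if name.split(":")[0] in dynamic_ifaces:
                findings.append((no, "address", f'use "({name})" instead of "{name}"'))
    return findings


if __name__ == "__main__":
    for no, kind, advice in lint_pf_conf(SAMPLE):
        print(f"line {no}: [{kind}] {advice}")
```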