On Fri, 2025-01-31 at 11:27 +0100, Raimo Niskanen wrote:
> Hello misc@
>
> My ISP is often enough a bit slow to answer DHCP queries,
> so when /etc/rc runs, after netstart, PF is configured,
> and I have used the egress group in /etc/pf.conf, my ISP has
> not given me a lease, so no interface belongs to that group.
>
> pfctl refuses to load the ruleset and my router machine doesn't work.
>
> I have added a delay in /etc/rc, but that feels not kosher.
>
> I think what I miss is an argument to dhceleased, or a configuration
> parameter in dhcpleased.conf to set a longer initial lease timeout,
> before going into backgrand and returning control to netstart.
>
> Is this a common enough problem, or should I come back with a diff?
>
> Cheers
Not a direct answer to the delay part of your question, but you might
want to look at adding parentheses to your interface name. As per
pf.conf(5):
Surrounding the interface name
(and optional modifiers) in parentheses changes this
behaviour. When the interface name is surrounded by
parentheses, the rule is automatically updated whenever the
interface changes its address. The ruleset does not need
to be reloaded. This is especially useful with NAT.
Hope this helps.
martijn@
