On Mon, Dec 28, 2009 at 10:11:36PM +0100, Didier Wiroth wrote:
> Hello,
> (running current on a soekris 5501 box)
> I'm using an OpenBSD DSL router at home. After I reboot my dsl router, it
> takes 1 to 3 minutes before the DSL line is up and the router is
> functional. When looking at the console it hangs at the following line:
> add default 0.0.0.1
> After 1-3 minutes the router finishes starting its network services and is
> able to route traffic and run normally.
>
> By the way, here is my hostname.pppoe0:
> inet 0.0.0.0 255.255.255.255 0.0.0.1 -inet6 pppoedev re0\
> authproto pap authname xyz authkey xyz up
> !/sbin/route add default 0.0.0.1
>
> I would like to restrict some boxes in my home network to connect only to
> specific hosts and ports like this:
> boxes="{ 172.16.43.34,172.16.43.35 }"
> host1="somehost.somewhere.org"
> host2="somehost2.somewhere.org"
> port1="{ 9999,10000 }"
> port2="22222"
> pass in on $int_if inet proto tcp from $boxes to $host1 port $port1\
> tag allowed1
> pass in on $int_if inet proto tcp from $boxes to $host2 port $port2\
> tag allowed1
> pass out quick on $ext_if nat-to ($ext_if) tagged allowed1
>
> Well ... here are my problems. The $host{1,2} are DynamicDNS clients whose
> IPs can change from time to time. I don't know when they change and I don't
> have a hand on these machines.
>
> My questions:
> 1) When I reboot my router, pf.conf fails to load due to the 1-3 minute
> delay. The 2 hosts are not resolved and there is an error message that
> pf.conf cannot be loaded.
> How can I resolve this problem?
PF tries to load /etc/pf.conf rules before any other network daemon is
started. That includes named(8). This has been discussed many times on misc@

> 2) If the $host{1,2} change after I've loaded my pf rules, how can I track
> the IP changes of these hosts and make pf reload their updated IP addresses.

You can come up with many ways of doing it. One example could be a cronjob
that tries to resolve some hostnames and updates a PF table.
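The cron-job approach suggested in the reply, written out as an added example (not code from the thread). It assumes pf.conf declares `table <host1> persist` and `table <host2> persist` and that the two pass rules say `to <host1>` / `to <host2>` instead of `$host1` / `$host2`, so the ruleset loads at boot even while the names are still unresolvable; the script names and the `apply` argument are my own choices.

```shell
#!/bin/sh
# Added example, not from the original thread: resolve the two DynamicDNS
# names from cron and rewrite one PF table per name. Table names and the
# hostnames are the ones used in the question; pf.conf is assumed to carry
# "table <host1> persist" / "table <host2> persist" (assumption).

# table name -> hostname
PAIRS="host1:somehost.somewhere.org host2:somehost2.somewhere.org"

# Keep only plain IPv4 addresses from resolver output. "dig +short" may also
# print CNAME targets, and prints nothing at all when the lookup fails.
extract_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# "pfctl -T show" indents each entry; strip that before comparing.
parse_table_show() {
    sed 's/^[[:space:]]*//' | extract_ipv4
}

# Resolve a name to its A records (swap in host(1) if you prefer).
resolve_a() {
    dig +short A "$1" 2>/dev/null
}

# Refresh one table. If the lookup returned nothing, leave the old entries in
# place: replacing the table with an empty set would silently cut the boxes off.
refresh_table() {
    table=$1 name=$2
    new=$(resolve_a "$name" | extract_ipv4)
    if [ -z "$new" ]; then
        logger -t pf-dyndns "lookup of $name failed, leaving <$table> unchanged"
        return 1
    fi
    cur=$(pfctl -t "$table" -T show 2>/dev/null | parse_table_show)
    if [ "$cur" != "$new" ]; then
        # word-splitting $new on purpose: one address per argument
        pfctl -q -t "$table" -T replace $new
        logger -t pf-dyndns "<$table> replaced with: $(echo $new)"
    fi
}

refresh_all() {
    for pair in $PAIRS; do
        refresh_table "${pair%%:*}" "${pair#*:}"
    done
}

# cron runs this with the argument "apply"; without it only the functions
# above are defined (assumed crontab line: */5 * * * * /path/pf-dyndns.sh apply)
if [ "${1:-}" = "apply" ]; then
    refresh_all
fi
```

Only the addresses change; the rules keep referring to the tables, so no `pfctl -f` reload is needed.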