Date:      Thu, 17 Nov 2005 23:38:19 -0800
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        "J.D. Bronson" <jbronson@wixb.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: rcorder again..
Message-ID:  <20051118073818.GA1259@flame.pc>
In-Reply-To: <7.0.0.16.2.20051117064518.01c5bd98@wixb.com>
References:  <7.0.0.16.2.20051117064518.01c5bd98@wixb.com>

On 2005-11-17 06:48, "J.D. Bronson" <jbronson@wixb.com> wrote:
> Well...I was surprised that no one replied. I was trying to
> figure out why ppp-user would start BEFORE pf fired up....
>
> It appears easy enough to change, but it's untested:
>
> Edit /etc/rc.d/ppp-user:
>
> # $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $
> #
>
> # PROVIDE: ppp-user
> # REQUIRE: netif isdnd pf <--- add pf
> # KEYWORD: nojail
>
> =============================
>
> Then rcorder shows things BETTER:
>
> /etc/rc.d/netif
> /etc/rc.d/pfsync
> /etc/rc.d/pflog
> /etc/rc.d/pf
> /etc/rc.d/isdnd
> /etc/rc.d/ppp-user
>
> My only concern might be that tun0 is not created until
> ppp-user launches (correct me if I am wrong) and pf might have
> an issue with an interface that doesn't yet exist. Under
> OpenBSD, tun0 is there before ppp even starts.  Wouldn't we WANT
> pf to be active prior to ppp launching (like in OpenBSD?)
>
> Can someone kindly comment on this please?

You can always copy /etc/rc.d/pf to a new script, say "pfboot",
and have it load a predefined rule-set, i.e.:

    set skip on lo0
    block in all
    block out all

You can probably copy the default ruleset that OpenBSD uses too :)
With dependencies in /etc/rc.d/pfboot like these:

# PROVIDE: pfboot
# REQUIRE: root mountcritlocal pflog pfsync
# BEFORE:  netif
# KEYWORD: nojail

you can probably get it to work exactly like you mention above.
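
An added example, not part of the original message: a POSIX sh check that the firewall scripts sort ahead of the network scripts, given the PROVIDE/REQUIRE/BEFORE headers discussed in this thread. It approximates rcorder with awk and tsort so it can run anywhere; the function names are hypothetical, and every sample header except those of ppp-user and pfboot is a constructed assumption.

```shell
# mk DIR NAME REQUIRE BEFORE: write a header-only stand-in for an rc.d script.
mk() { printf '# PROVIDE: %s\n# REQUIRE: %s\n# BEFORE: %s\n' "$2" "$3" "$4" > "$1/$2"; }

# Constructed sample: ppp-user and pfboot use the headers quoted in the thread;
# the other scripts' headers are simplified assumptions, not FreeBSD's real ones.
make_sample() {
  mk "$1" netif "" "";  mk "$1" pflog "" "";  mk "$1" pfsync "" ""
  mk "$1" pf "netif pflog pfsync" ""
  mk "$1" isdnd "netif" ""
  mk "$1" ppp-user "netif isdnd pf" ""
  mk "$1" pfboot "root mountcritlocal pflog pfsync" "netif"
}

# rc_order DIR: print script names in a valid start order, one per line.
# Returns non-zero if the headers form a dependency loop (tsort reports it).
rc_order() {
  ( cd "$1" && awk '
    function names(line, arr) {
      sub(/^#[ \t]*[A-Z]+:[ \t]*/, "", line)
      return split(line, arr, /[ \t]+/)
    }
    /^#[ \t]*PROVIDE:/ { n = names($0, a); print FILENAME, FILENAME
                         for (i = 1; i <= n; i++) if (a[i] != "") prov[a[i]] = FILENAME }
    /^#[ \t]*REQUIRE:/ { n = names($0, a)
                         for (i = 1; i <= n; i++) { nr++; rf[nr] = FILENAME; rn[nr] = a[i] } }
    /^#[ \t]*BEFORE:/  { n = names($0, a)
                         for (i = 1; i <= n; i++) { nb++; bf[nb] = FILENAME; bn[nb] = a[i] } }
    END {  # names with no provider in DIR are skipped here
      for (k = 1; k <= nr; k++) if (rn[k] in prov) print prov[rn[k]], rf[k]
      for (k = 1; k <= nb; k++) if (bn[k] in prov) print bf[k], prov[bn[k]]
    }' * | tsort )
}

# starts_before DIR A B: 0 if A starts before B, 1 if not, 2 on a dependency loop.
starts_before() {
  order=$(rc_order "$1" 2>/dev/null) || return 2
  printf '%s\n' "$order" | awk -v a="$2" -v b="$3" '
    $0 == a { ia = NR }
    $0 == b { ib = NR }
    END { exit !(ia && ib && ia < ib) }'
}

# Demo on the constructed sample.
d=$(mktemp -d) && make_sample "$d"
rc_order "$d"
starts_before "$d" pfboot netif && echo "ok: pfboot starts before netif"
rm -rf "$d"
```

On the FreeBSD host itself, `rcorder /etc/rc.d/*` gives the authoritative order, and a result of 2 from `starts_before` means the new REQUIRE/BEFORE lines contradict an existing dependency.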