From: "Jacob, Raymond A Jr"
Delivered-To: freebsd-pf@freebsd.org
Date: Sat, 11 Mar 2006 14:50:04 -0500
Message-ID: <653C8E7D21FB654997909E77C691053F446ADF@NAEAWNYDEX21VA.nadsusea.nads.navy.mil>
Subject: when to start pfctl when using ng_one2many?
List-Id: "Technical discussion and general questions about packet filter (pf)"

I am using ng_one2many to bundle interfaces together into the interface
ngeth0 with a script in /usr/local/etc/rc.d/. I am assuming that I cannot
load or enable pf until ngeth0 is up? I cannot figure out how to load
ngeth0 in the kernel so that all I have to do is have a line with
ifconfig_ngeth0="promisc up" in /etc/rc.conf.

Questions:

1. Is it a good idea to load pf with the -d flag and then write a script in
   /usr/local/etc/rc.d to start the firewall when all the interfaces are
   up? Or to set pf_flags = "" and have pf run from /etc/rc.d?

2. How should I handle the bundled interfaces? If there is no way to use
   /etc/network.subr or /etc/rc.d/netif?

Thank you,
Raymond