From owner-freebsd-questions@FreeBSD.ORG  Fri Mar  4 17:30:45 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4989016A4CE
	for <freebsd-questions@freebsd.org>;
	Fri,  4 Mar 2005 17:30:45 +0000 (GMT)
Received: from kane.otenet.gr (kane.otenet.gr [195.170.0.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id ECAF543D39
	for <freebsd-questions@freebsd.org>;
	Fri,  4 Mar 2005 17:30:43 +0000 (GMT)
	(envelope-from keramida@ceid.upatras.gr)
Received: from orion.daedalusnetworks.priv (aris.bedc.ondsl.gr
	[62.103.39.226])j24HURaW019945
	for <freebsd-questions@freebsd.org>; Fri, 4 Mar 2005 19:30:27 +0200
Received: from orion.daedalusnetworks.priv (orion [127.0.0.1])
	j24HUfvI001347	for <freebsd-questions@freebsd.org>;
	Fri, 4 Mar 2005 19:30:41 +0200 (EET)
	(envelope-from keramida@ceid.upatras.gr)
Received: (from keramida@localhost)j24HUfFC001346
	for freebsd-questions@freebsd.org;
	Fri, 4 Mar 2005 19:30:41 +0200 (EET)
	(envelope-from keramida@ceid.upatras.gr)
Date: Fri, 4 Mar 2005 19:30:41 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: freebsd-questions@freebsd.org
Message-ID: <20050304173041.GA1314@orion.daedalusnetworks.priv>
References: <6.2.0.14.2.20050304062626.00aa8468@localhost>
	<20050304164136.GA1684@orion.daedalusnetworks.priv>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050304164136.GA1684@orion.daedalusnetworks.priv>
Subject: Re: pf seems to start late?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Mar 2005 17:30:45 -0000

On 2005-03-04 18:41, Giorgos Keramidas <keramida@freebsd.org> wrote:
>On 2005-03-04 06:29, "J.D. Bronson" <jbronson@wixb.com> wrote:
>> Mar  4 06:15:11 sole kernel: Starting syslogd.
>> Mar  4 06:15:11 sole kernel: Mar  4 06:15:11 sole syslogd: kernel boot file is /boot/kernel/kernel
>> Mar  4 06:15:11 sole kernel: Starting named.
>> Mar  4 06:15:12 sole kernel: Setting date via ntp.
>> Mar  4 06:15:15 sole kernel: 4 Mar 06:15:15 ntpdate[345]: step time server x.x.x.x offset -0.534182 sec
>> Mar  4 06:15:15 sole kernel: Clearing /tmp.
>> Mar  4 06:15:16 sole kernel: ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
>> Mar  4 06:15:16 sole kernel: a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout
>> Mar  4 06:15:16 sole kernel: Enabling pflogd
>> Mar  4 06:15:16 sole kernel: .
>> Mar  4 06:15:16 sole kernel: Mar  4 06:15:16 sole kernel: pflog0: promiscuous mode enabled
>> Mar  4 06:15:16 sole kernel: Enabling pf.
>> Mar  4 06:15:16 sole kernel: pf enabled
>>
>> Shouldn't PF start right after the interfaces come up? [...]
> [...]
> Can you try the following patch to your /etc/rc.d/pf script and tell me
> if it works for you or if it breaks anything important?
>
> %%%
> Index: pf
> ===================================================================
> RCS file: /home/ncvs/src/etc/rc.d/pf,v
> retrieving revision 1.6
> diff -u -r1.6 pf
> --- pf	25 Oct 2004 08:12:28 -0000	1.6
> +++ pf	4 Mar 2005 16:39:03 -0000
> @@ -5,7 +5,7 @@
>
>  # PROVIDE: pf
>  # REQUIRE: root mountcritlocal netif pflog
> -# BEFORE:  DAEMON LOGIN
> +# BEFORE:  netif
>  # KEYWORD: nojail
>
>  . /etc/rc.subr
> Index: pflog
> ===================================================================
> RCS file: /home/ncvs/src/etc/rc.d/pflog,v
> retrieving revision 1.5
> diff -u -r1.5 pflog
> --- pflog	16 Jan 2005 03:12:03 -0000	1.5
> +++ pflog	4 Mar 2005 16:40:21 -0000
> @@ -4,7 +4,7 @@
>  #
>
>  # PROVIDE: pflog
> -# REQUIRE: root mountcritlocal netif cleanvar
> +# REQUIRE: root mountcritlocal cleanvar
>  # BEFORE:  DAEMON LOGIN
>  # KEYWORD: nojail
>
> %%%

Just in case anyone else tries using this, please try a version that
doesn't introduce a circular dependency of pf -> netif -> pf:

%%%
Index: pf
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/pf,v
retrieving revision 1.6
diff -u -r1.6 pf
--- pf	25 Oct 2004 08:12:28 -0000	1.6
+++ pf	4 Mar 2005 17:07:57 -0000
@@ -4,8 +4,8 @@
 #
 
 # PROVIDE: pf
-# REQUIRE: root mountcritlocal netif pflog
-# BEFORE:  DAEMON LOGIN
+# REQUIRE: root mountcritlocal pflog
+# BEFORE:  netif
 # KEYWORD: nojail
 
 . /etc/rc.subr
Index: pflog
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/pflog,v
retrieving revision 1.5
diff -u -r1.5 pflog
--- pflog	16 Jan 2005 03:12:03 -0000	1.5
+++ pflog	4 Mar 2005 17:09:37 -0000
@@ -4,8 +4,8 @@
 #
 
 # PROVIDE: pflog
-# REQUIRE: root mountcritlocal netif cleanvar
-# BEFORE:  DAEMON LOGIN
+# REQUIRE: root mountcritlocal cleanvar
+# BEFORE:  DAEMON LOGIN pf
 # KEYWORD: nojail
 
 . /etc/rc.subr
%%%