Date:      Wed, 7 May 2008 21:47:49 +0100
From:      RW <fbsd06@mlists.homeunix.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Delaying pf.conf loading
Message-ID:  <20080507214749.64c5e7ba@gumby.homeunix.com.>
In-Reply-To: <53f591170805071021i45f757d3h4558e106a0da7f18@mail.gmail.com>
References:  <53f591170805071021i45f757d3h4558e106a0da7f18@mail.gmail.com>

On Thu, 8 May 2008 01:21:22 +0800
"Justin Jereza" <justinjereza@gmail.com> wrote:

> Hello.
> 
> Is it possible to delay the loading of pf rules from pf.conf after ppp
> has connected and named is running through rc.conf?


What you probably need is to do a "pf resync"; rc.d/ppp already does
this, but too early for named. Doing it after named is running is
probably not sufficient as there is no guarantee that ppp has
established a network connection. 

I wrote a script that waits until it can ping external hosts, and then
does a resync:


#!/bin/sh
#
# PROVIDE: networkwait
# REQUIRE: named
# BEFORE:  ntpdate

. /etc/rc.subr

networkwait_enable=${networkwait_enable:-"NO"}
name="networkwait"
rcvar=`set_rcvar`
stop_cmd=":"
start_cmd="wait_network"


wait_network(){
   if [ "$networkwait_ping_hosts" ] ; then
      host_list="${networkwait_ping_hosts}"
   else
      # No hosts supplied - use external nameservers
      host_list=`awk '/^ *nameserver/ {print $2}
        '< /etc/resolv.conf | grep -E -v '^127\.0+\.0+\.0*1'`
   fi
   echo -n "Waiting for network access ... "
   while true ; do
      for inet_host in $host_list ; do
         if ping -nc1 "$inet_host" > /dev/null 2>&1 ; then
            echo "ping to ${inet_host} succeeded."
            # Re-Sync ipfilter and pf in case
            # they had failed DNS lookups
            /etc/rc.d/ipfilter resync
            /etc/rc.d/pf resync
            exit 0
         fi
      done
      sleep 5
   done
}

load_rc_config ${name}
run_rc_command "$1"
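
A bounded variant of the wait loop above, added here as an example and not part of the original message: it gives up after a fixed number of passes instead of blocking boot indefinitely, and fails at once when the host list is empty (for instance when resolv.conf lists only a loopback resolver). PROBE_CMD, MAX_TRIES, RETRY_DELAY, REACHED_HOST and the function names are assumptions introduced for this example, and the loopback filter is broader than the original's (all of 127/8 and ::1).

```sh
#!/bin/sh
# Added example, not the original author's script.
# PROBE_CMD, MAX_TRIES, RETRY_DELAY and REACHED_HOST are hypothetical names.

# Print the non-loopback nameserver addresses from a resolv.conf-style file.
external_nameservers() {
    awk '/^[ \t]*nameserver[ \t]/ {print $2}' "$1" |
        grep -E -v '^(127\.|::1$)'
}

# Default probe: one ICMP echo, numeric output, stdout and stderr discarded.
probe_host() {
    ping -n -c 1 "$1" > /dev/null 2>&1
}

# wait_for_network HOST...
# Returns 0 and sets REACHED_HOST as soon as one probe succeeds,
# 1 after MAX_TRIES passes over the list, 2 if no hosts were given.
wait_for_network() {
    REACHED_HOST=""
    [ $# -gt 0 ] || return 2
    tries=0
    while [ "$tries" -lt "${MAX_TRIES:-24}" ]; do
        for h in "$@"; do
            if "${PROBE_CMD:-probe_host}" "$h"; then
                REACHED_HOST=$h
                return 0
            fi
        done
        tries=$((tries + 1))
        sleep "${RETRY_DELAY:-5}"
    done
    return 1
}

# Intended use inside the rc.d start function (not executed here):
#   if wait_for_network $(external_nameservers /etc/resolv.conf); then
#       /etc/rc.d/pf resync
#   else
#       echo "networkwait: no external host reachable, pf not resynced"
#   fi
```

With the defaults the loop gives up after roughly two minutes (24 passes, 5 seconds apart), so the caller can log that pf was not resynced rather than hang the boot.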



