Date:      Mon, 12 May 2014 11:50:54 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        freebsd-current@freebsd.org
Subject:   Re: Ordering for network-sensitive rc scripts
Message-ID:  <20140512115054.4fac65dd@fabiankeil.de>
In-Reply-To: <5C90ED2E-4A10-4E2B-9399-292E2FD616E7@FreeBSD.org>
References:  <DA602ED0-ECBC-4A3D-8F1B-9CB80EDE12B5@FreeBSD.org> <CAJ-Vmo=2Zw-WkBJj%2BeEjG5k9eMs_Oxs_P4cN6iRh75j2z_EB2g@mail.gmail.com> <B46D241C-DC7F-41E0-A344-AB6BC3708F2A@FreeBSD.org> <CAJ-VmokHd_bW9DC53e2r3=E5okd8c1wFkr2VRkQ6Gx-464d5YA@mail.gmail.com> <5C90ED2E-4A10-4E2B-9399-292E2FD616E7@FreeBSD.org>


David Chisnall <theraven@FreeBSD.org> wrote:

> On 11 May 2014, at 20:23, Adrian Chadd <adrian@freebsd.org> wrote:
>
> > On 11 May 2014 12:01, David Chisnall <theraven@freebsd.org> wrote:
> >> On 17 Apr 2014, at 09:30, Adrian Chadd <adrian@FreeBSD.org> wrote:
> >>
> >>> Can't we add a devd hook to do that?
> >>
> >> I tried doing this, but it turns out that wlan devices don't appear to send devd LINK_UP / LINK_DOWN events.  It would be nice to have a clean solution to this.  By default, using the stock rc scripts, my router is currently not able to forward packets from the WiFi until I've logged into it and manually run 'service pf restart', which is a bit crazy.  I've hacked around it by having a script run from rc.local that sleeps for 60 seconds and then restarts a few things, but that's really, really ugly.
> >>
> >> On closer inspection, pf doesn't fail silently, it complains about a syntax error in my config file because wlan0 is not a known interface.
> >>
> >> We therefore have an rc ordering problem if you want to use pf and WiFi at the same time.  This problem was introduced some time between 9.2 and 10.0.
> >
> > Is there a PR for this? It's the first I've heard of it.
>
> Not yet.  This is the result of my investigations as of 10 minutes ago.  I'll file a PR, if no one can tell me I'm doing something obviously wrong...

I'm not saying that you did something wrong or shouldn't file a PR,
but on my laptop (11-CURRENT) pf works as expected without service
restarts.

The relevant configuration excerpt:

ext_if  = "wlan0"
int_if  = "bge0"
jail_if = "lo1"
[...]
nat pass on $ext_if from  $int_if:network to any -> $ext_if
nat on $ext_if from $jail_if:network to any -> $ext_if

wlan0 is a wlandev on iwn0.

I'm usually using static IP addresses, but it worked with dynamic
IP addresses (and ext_if and int_if reversed) in the past.

Fabian



