Date: Mon, 13 Nov 2017 12:14:44 +0100
From: Dave Cottlehuber <dch@skunkwerks.at>
To: freebsd-ports@freebsd.org
Subject: rc.d script ordering for net/zerotier & firewalls
Message-ID: <1510571684.3720188.1170564368.557FA21F@webmail.messagingengine.com>
zerotier is a peer-to-peer layer 2 overlay network that creates a tap
interface for its traffic. In the current net/zerotier port[1], if you want
to define firewall rules (e.g. pf) that rely on the existence of the
zerotier interface, it will fail on reboot as the rc.d dependencies aren't
sufficient:

    # PROVIDE: zerotier
    # REQUIRE: LOGIN
    # KEYWORD: shutdown

This variant seems to "work on my machine" to manage the dependencies
appropriately, see rcorder(8) output below.

    # PROVIDE: zerotier
    # REQUIRE: FILESYSTEMS netif
    # BEFORE: pf ipfw
    # KEYWORD: shutdown

The intention is that the ordering would be as follows:

1. physical network interfaces are available
2. zerotier's tap interfaces are created via its daemon
3. then firewalls can be started up
4. jails and daemons (nginx, haproxy etc) can be assigned a zerotier address

Is there a better way of handling this?

Is there a reason why /pf/ is missing from /etc/rc.d/NETWORKING ?

    # PROVIDE: NETWORKING NETWORK
    # REQUIRE: netif netwait netoptions routing ppp ipfw stf
    # REQUIRE: defaultroute route6d resolv bridge
    # REQUIRE: static_arp static_ndp

> rcorder /usr/local/etc/rc.d/* /etc/rc.d/*
...
/etc/rc.d/hostname
/etc/rc.d/ip6addrctl
/etc/rc.d/netoptions
/etc/rc.d/random
/etc/rc.d/sppp
/etc/rc.d/ipfilter
/etc/rc.d/ipnat
/etc/rc.d/ipfs
/etc/rc.d/serial
/etc/rc.d/iovctl
/etc/rc.d/netif
/etc/rc.d/devd
/etc/rc.d/zfsd
/etc/rc.d/ipsec
/usr/local/etc/rc.d/zerotier
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/stf
/etc/rc.d/ppp
/etc/rc.d/routing
/etc/rc.d/ipfw
/etc/rc.d/netwait
/etc/rc.d/resolv
/etc/rc.d/local_unbound
/etc/rc.d/nsswitch
/etc/rc.d/routed
/etc/rc.d/rtsold
/etc/rc.d/static_ndp
/etc/rc.d/static_arp
/etc/rc.d/bridge
/etc/rc.d/route6d
/etc/rc.d/defaultroute
/etc/rc.d/NETWORKING
...

A+
Dave

[1]: https://svnweb.freebsd.org/ports/head/net/zerotier/files/zerotier.in?revision=398568&view=markup
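As an added check that is not part of the mail above, a small POSIX sh function that confirms the boot order rcorder(8) produces after editing the header really is netif, then zerotier, then the firewall scripts; the two listings are constructed from the rcorder output quoted above, and check_rc_order is an assumed helper name.

```shell
# Added example, not from the mail: confirm that the order rcorder(8) produces
# is the one the zerotier header is meant to enforce (netif, then zerotier,
# then pf and ipfw). check_rc_order reads an rcorder listing on stdin and the
# required order of script basenames as arguments; 0 if satisfied, 1 if not.
check_rc_order() {
    prev_pos=0
    prev_name=""
    listing=$(cat)
    for name in "$@"; do
        # line number of the first entry whose basename equals $name
        pos=$(printf '%s\n' "$listing" | awk -v n="$name" '
            { sub(".*/", "", $0) }      # strip the directory part
            $0 == n { print NR; exit }')
        if [ -z "$pos" ]; then
            echo "missing from listing: $name" >&2
            return 1
        fi
        if [ "$pos" -le "$prev_pos" ]; then
            echo "out of order: $name (line $pos) before $prev_name (line $prev_pos)" >&2
            return 1
        fi
        prev_pos=$pos
        prev_name=$name
    done
    return 0
}

# Constructed excerpt of the rcorder output quoted above (REQUIRE: netif,
# BEFORE: pf ipfw): the order we want.
SAMPLE_GOOD='/etc/rc.d/netif
/etc/rc.d/devd
/usr/local/etc/rc.d/zerotier
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/routing
/etc/rc.d/ipfw
/etc/rc.d/NETWORKING'

# Constructed illustration of the REQUIRE: LOGIN header: zerotier is deferred
# until after LOGIN, so pf and ipfw start before its tap interface exists.
SAMPLE_BAD='/etc/rc.d/netif
/etc/rc.d/pf
/etc/rc.d/ipfw
/etc/rc.d/NETWORKING
/etc/rc.d/LOGIN
/usr/local/etc/rc.d/zerotier'
```

On a live system run `rcorder /usr/local/etc/rc.d/* /etc/rc.d/* | check_rc_order netif zerotier pf ipfw` and treat a non-zero exit as a broken dependency header.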