Date: Wed, 19 Jun 2002 01:03:26 -0700
From: Brooks Davis
To: Peter Jeremy
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: IPFW rules on tunX devices
Message-ID: <20020619010325.A29725@Odin.AC.HMC.Edu>

On Wed, Jun 19, 2002 at 04:57:21PM +1000, Peter Jeremy wrote:
> I have a situation where I want to have some ipfw rules permanently
> associated with tun0.  In 4.5-RELEASE, I just included lines like the
> following in the rules file specified as firewall_type in rc.conf:
> add 11010 allow tcp from 10.2.3.4 to 10.2.3.5 keep-state in recv tun0 setup
>
> In 4.6-RELEASE, the tun devices are created on demand and so tun0
> doesn't exist when the firewall rules are added.  Other
> than starting ppp(8), how do I create tun0?  I thought
> ifconfig tun0 create
> would work, but that returns:
> ifconfig: SIOCIFCREATE: Invalid argument
>
> Any suggestions?

I was able to hack around this for someone by placing an entry in
/etc/rc.early to open the tun0 device so the interface would be created.
The disgusting hack I used was a statically linked binary which opened
/dev/tun0.  On current the following significantly less gross shell works:

echo "" >> /dev/tun0

I don't know if this works on stable though.  I'm sure there's a better
solution, but I've never claimed to be a shell hacker. :-)

IMO, the long term solution is to fix the tun(4) driver to use interface
cloning like gif(4) so you can do "ifconfig tun0 create" as necessary.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4