On Mon, 9 Jan 2006, poncenby smythe wrote:

> On 9 Jan 2006, at 19:37, Otto Moerbeek wrote:
> 
> > 
> > On Mon, 9 Jan 2006, poncenby smythe wrote:
> > 
> > > On 9 Jan 2006, at 10:43, Olivier Mehani wrote:
> > > 
> > > > On Sun, Jan 08, 2006 at 10:51:12PM +0000, poncenby smythe wrote:
> > > > > I am running 3.8 GENERIC on i386 and can't figure out why pf isn't
> > > > > logging
> > > > > the packets I've told it to, here is a snippet from /etc/pf.conf...
> > > > 
> > > > Maybe a stupid check, but did you enable pf in rc.conf ?
> > > 
> > > pf is set to NO in /etc/rc.conf, but is enabled with the following
> > > commands in
> > > ppp.linkup script:
> > > 
> > > adsl:
> > >       ! sh -c "/sbin/ifconfig pflog0 up"
> > >       ! sh -c "/sbin/pfctl -f /etc/pf.conf -e"
> > > 
> > > the ppp link is called adsl and running pfctl -ss reports pf is enabled.
> > 
> > Why enable pf only when the link is up? It's non-standard and
> > potentially dangerous. You're better off using the standard way of
> > enabling pf.
> 
> Making PF=YES in /etc/rc.conf does not seem to work as required due to my pf
> complaining it cannot determine an ip address for the tun0 interface, and then
> falls back on what I assume is a default rule set of some kind. I would rather
> not use ppp.linkup to start pf but don't know how to change the order daemons
> start (ppp is handled by daemontools which I guess is going to make it even
> harder), although I would rather not use daemontools for ppp.

Check the () syntax for interfaces. It was designed to handle these
kinds of situations.

        -Otto
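
The () syntax mentioned above, as an added example that is not part of the original thread and not the poster's ruleset. tun0 is the ppp interface named in the thread; fxp0 and 192.168.1.0/24 are assumed names for the internal side.

```conf
# Constructed pf.conf sketch (OpenBSD 3.8-era syntax).
# Assumed: fxp0 / 192.168.1.0/24 is the internal side; tun0 is the ppp link.
ext_if  = "tun0"
int_if  = "fxp0"
int_net = "192.168.1.0/24"

# Static form: the interface name is expanded to its address once, when the
# ruleset is loaded. If tun0 has no address yet (ppp not up at boot), pfctl
# cannot resolve it and the intended ruleset is not loaded:
#   nat on $ext_if from $int_net to any -> $ext_if

# Dynamic form: (tun0) is tracked by pf and re-resolved whenever the
# interface's address changes, so the ruleset can load before ppp is up.
nat on $ext_if from $int_net to any -> ($ext_if)

# Default deny; "log" sends the blocked packets to pflog0.
block log all

pass quick on lo0 all
pass in  on $int_if from $int_net to any keep state
pass out on $ext_if from ($ext_if) to any keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` while the link is down to confirm it loads without an address on tun0.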
