On 2005-11-17 06:48, J.D. Bronson [EMAIL PROTECTED] wrote:
Well...I was surprised that no one replied. I was trying to
figure out why ppp-user would start BEFORE pf fired up.
It appears easy enough to change, but it's untested:
Edit /etc/rc.d/ppp-user:
# $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $
#
# PROVIDE: ppp-user
# REQUIRE: netif isdnd pf --- add pf
# KEYWORD: nojail
Then rcorder shows things BETTER:
/etc/rc.d/netif
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/isdnd
/etc/rc.d/ppp-user
My only concern might be that tun0 is not created until
ppp-user launches (correct me if I am wrong) and pf might have
an issue with an interface that doesn't yet exist. Under
OpenBSD, tun0 is there before ppp even starts. Wouldn't we WANT
pf to be active prior to ppp launching (like in OpenBSD)?
Can someone kindly comment on this please?
You can always copy /etc/rc.d/pf to a new script, say pfboot,
and have it load a predefined rule-set, i.e.:
set skip on lo0
block in all
block out all
You can probably copy the default ruleset that OpenBSD uses too :)
With dependencies in /etc/rc.d/pfboot like these:
# PROVIDE: pfboot
# REQUIRE: root mountcritlocal pflog pfsync
# BEFORE: netif
# KEYWORD: nojail
you can probably get it to work exactly like you mention above.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
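
The start order both messages depend on can be checked offline before a reboot. The following is an added example, not part of either message or of FreeBSD: a small Python approximation of how rcorder resolves PROVIDE/REQUIRE/BEFORE lines. The pfboot and ppp-user headers are the ones quoted in the thread, the other headers are constructed stand-ins, and boot_order and audit are hypothetical names.

```python
import re
from graphlib import CycleError, TopologicalSorter

TAG = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$", re.M)

# Constructed headers. pfboot and ppp-user use the lines quoted in the thread;
# the others are simplified stand-ins, so read the real ones from /etc/rc.d.
SCRIPTS = {
    "root": "# PROVIDE: root\n",
    "mountcritlocal": "# PROVIDE: mountcritlocal\n# REQUIRE: root\n",
    "pfsync": "# PROVIDE: pfsync\n# REQUIRE: root mountcritlocal\n",
    "pflog": "# PROVIDE: pflog\n# REQUIRE: root mountcritlocal\n",
    "pfboot": "# PROVIDE: pfboot\n# REQUIRE: root mountcritlocal pflog pfsync\n"
              "# BEFORE: netif\n# KEYWORD: nojail\n",
    "netif": "# PROVIDE: netif\n# REQUIRE: mountcritlocal\n",
    "pf": "# PROVIDE: pf\n# REQUIRE: root mountcritlocal netif pflog pfsync\n",
    "isdnd": "# PROVIDE: isdnd\n# REQUIRE: netif\n",
    "ppp-user": "# PROVIDE: ppp-user\n# REQUIRE: netif isdnd pf\n# KEYWORD: nojail\n",
}

def boot_order(scripts):
    """Return script names in a valid start order; raises CycleError on a loop."""
    provides, tags = {}, {}
    for name, text in scripts.items():
        tags[name] = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
        for key, value in TAG.findall(text):
            tags[name][key] += value.split()
        for provided in tags[name]["PROVIDE"]:
            provides[provided] = name
    graph = TopologicalSorter({name: set() for name in scripts})
    for name, t in tags.items():
        for req in t["REQUIRE"]:        # name starts after whatever provides req
            if req in provides:         # unknown names are skipped in this sketch
                graph.add(name, provides[req])
        for bef in t["BEFORE"]:         # whatever provides bef starts after name
            if bef in provides:
                graph.add(provides[bef], name)
    return list(graph.static_order())

def audit(scripts, must_precede):
    """Return a list of problems; empty means every (earlier, later) pair holds."""
    try:
        order = boot_order(scripts)
    except CycleError as exc:
        return ["dependency cycle: " + " -> ".join(exc.args[1])]
    pos = {name: i for i, name in enumerate(order)}
    return [f"{a} does not start before {b}" for a, b in must_precede if pos[a] > pos[b]]

if __name__ == "__main__":
    print(boot_order(SCRIPTS))
    print(audit(SCRIPTS, [("pfboot", "netif"), ("pf", "ppp-user")]) or "ordering OK")
```

A cycle is the failure to look for when adding BEFORE: netif: if any script that pfboot requires itself requires netif, no valid order exists and audit reports the loop.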