Ordering for network-sensitive rc scripts
Fabian Keil
freebsd-listen at fabiankeil.de
Mon May 12 09:52:45 UTC 2014

David Chisnall <theraven at FreeBSD.org> wrote:
> On 11 May 2014, at 20:23, Adrian Chadd <adrian at freebsd.org> wrote:
>
> > On 11 May 2014 12:01, David Chisnall <theraven at freebsd.org> wrote:
> >> On 17 Apr 2014, at 09:30, Adrian Chadd <adrian at FreeBSD.org> wrote:
> >>
> >>> Can't we add a devd hook to do that?
> >>
> >> I tried doing this, but it turns out that wlan devices don't appear to send devd LINK_UP / LINK_DOWN events. It would be nice to have a clean solution to this. By default, using the stock rc scripts, my router is currently not able to forward packets from the WiFi until I've logged into it and manually run 'service pf restart', which is a bit crazy. I've hacked around it by having a script run from rc.local that sleeps for 60 seconds and then restarts a few things, but that's really, really ugly.
> >>
> >> On closer inspection, pf doesn't fail silently, it complains about a syntax error in my config file because wlan0 is not a known interface.
> >>
> >> We therefore have an rc ordering problem if you want to use pf and WiFi at the same time. This problem was introduced some time between 9.2 and 10.0.
> >
> > Is there a PR for this? It's the first I've heard of it.
>
> Not yet. This is the result of my investigations as of 10 minutes ago. I'll file a PR, if no one can tell me I'm doing something obviously wrong...

I'm not saying that you did something wrong or shouldn't file a PR,
but on my laptop (11-CURRENT) pf works as expected without service
restarts.

The relevant configuration excerpt:

ext_if = "wlan0"
int_if = "bge0"
jail_if = "lo1"
[...]
nat pass on $ext_if from $int_if:network to any -> $ext_if
nat on $ext_if from $jail_if:network to any -> $ext_if

wlan0 is a wlandev on iwn0.

I'm usually using static IP addresses, but it worked with dynamic
IP addresses (and ext_if and int_if reversed) in the past.

Fabian
More information about the freebsd-current mailing list