pf and new interface
wishmaster
artemrts at ukr.net
Tue Aug 18 11:18:34 UTC 2015
--- Original message ---
From: "Andriy Gapon" <avg at freebsd.org>
Date: 18 August 2015, 14:05:15
> I have the following rule in pf.conf:
> set skip on tap
> and even the following one:
> set skip on tap0
>
> The rules are loaded at the system start-up time, but the tap interface
> may not be created until much later. When tap0 is first created the
> skip rules are not applied to it and the traffic gets filtered. If I
> reload the pf configuration, then the rules start working.
>
> Is there a way to make pf honor such rules for the dynamic interfaces?Hi,
You should do it in your application, e.g. in mpd this is something like below
set iface up-script /usr/local/etc/mpd5/link_up.sh
set iface down-script /usr/local/etc/mpd5/link_down.sh
in openvpn - see manuals.
Cheers,
Vitaliy
More information about the freebsd-net
mailing list