pf and new interface
Andriy Gapon
avg at FreeBSD.org
Tue Aug 18 11:35:35 UTC 2015
On 18/08/2015 14:18, wishmaster wrote:
> --- Original message ---
> From: "Andriy Gapon" <avg at freebsd.org>
> Date: 18 August 2015, 14:05:15
>
>
>> I have the following rule in pf.conf:
>> set skip on tap
>> and even the following one:
>> set skip on tap0
>>
>> The rules are loaded at the system start-up time, but the tap interface
>> may not be created until much later. When tap0 is first created the
>> skip rules are not applied to it and the traffic gets filtered. If I
>> reload the pf configuration, then the rules start working.
>>
>> Is there a way to make pf honor such rules for the dynamic interfaces?
>
> Hi,
>
> You should do it in your application, e.g. in mpd this is something like below
>
> set iface up-script /usr/local/etc/mpd5/link_up.sh
> set iface down-script /usr/local/etc/mpd5/link_down.sh
>
> in openvpn - see manuals.
That's a good suggestion. But how to add a single rule for pf?
Reloading the whole configuration is disruptive to existing connections.
--
Andriy Gapon