conf/111225: missing option "syncpeer" in pfsync startup script
Giorgos Keramidas
keramida at freebsd.org
Fri Apr 6 21:30:09 UTC 2007
The following reply was made to PR conf/111225; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at freebsd.org>
To: Bas van Beek <bas at tobin.nl>
Cc: freebsd-gnats-submit at freebsd.org
Subject: Re: conf/111225: missing option "syncpeer" in pfsync startup script
Date: Sat, 7 Apr 2007 00:24:55 +0300
> From: Giorgos Keramidas <keramida at freebsd.org>
> To: Bas van Beek <bas at tobin.nl>
> Cc: freebsd-gnats-submit at freebsd.org
> Subject: conf/111225: Re: conf/111225: missing option "syncpeer" in pfsync startup script
> Date: Fri, 6 Apr 2007 04:47:17 +0300
>
> Sounds like a good idea. Does the following patch look like something
> we can use to make pfsync_syncpeer="address" work, and document it as an
> rc.conf option?
>
> [ http://people.freebsd.org/~keramida/diff/conf-111225.patch ]
The original version of the patch used 'unset' to keep $_syncpeer local,
but Simon has pointed me at using "local _syncpeer" since then. I've
updated the patch online with:
%%%
diff -r 7fd2429572a3 etc/rc.d/pfsync
--- a/etc/rc.d/pfsync Fri Apr 06 01:25:19 2007 +0300
+++ b/etc/rc.d/pfsync Sat Apr 07 00:22:07 2007 +0300
@@ -36,8 +36,13 @@ pfsync_prestart()
pfsync_start()
{
+ local _syncpeer
+
echo "Enabling pfsync."
- ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up
+ if [ -n "${pfsync_syncpeer}" ]; then
+ _syncpeer="syncpeer ${pfsync_syncpeer}"
+ fi
+ ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
}
pfsync_stop()
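Review bot: the `$_syncpeer` expansion on the new `ifconfig pfsync0` line must stay unquoted so that an unset variable contributes no argument, but that same word-splitting also applies to `${pfsync_syncpeer}`, so a value containing whitespace would be handed to ifconfig as additional arguments rather than a single syncpeer address. A short comment above the `if [ -n "${pfsync_syncpeer}" ]` test noting that the expansion is deliberately left unquoted would keep a later quoting cleanup from turning the empty case into a literal "" argument, and a `case` or similar sanity check rejecting whitespace in `pfsync_syncpeer` would make a mistyped rc.conf entry fail loudly instead of silently producing a differently configured interface.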
diff -r 7fd2429572a3 share/man/man5/rc.conf.5
--- a/share/man/man5/rc.conf.5 Fri Apr 06 01:25:19 2007 +0300
+++ b/share/man/man5/rc.conf.5 Sat Apr 07 00:22:07 2007 +0300
@@ -855,6 +855,26 @@ It must be set accordingly if
.Va pfsync_enable
is set to
.Dq Li YES .
+.It Va pfsync_syncpeer
+.Pq Vt str
+Empty by default.
+This variable is optional.
+By default, state change messages are sent out on the synchronisation
+interface using IP multicast packets.
+The protocol is IP protocol 240, PFSYNC, and the multicast group used is
+224.0.0.240.
+When a peer address is specified using the
+.Va pfsync_syncpeer
+option, the peer address is used as a destination for the pfsync
+traffic, and the traffic can then be protected using
+.Xr ipsec 4 .
+See the
+.Xr pfsync 4
+manpage for more details about using
+.Xr ipsec 4
+with
+.Xr pfsync 4
+interfaces.
.It Va pfsync_ifconfig
.Pq Vt str
Empty by default.
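Review bot: the new entry states "Empty by default." and "This variable is optional.", yet the diff contains no change that actually declares a default for `pfsync_syncpeer`, only the rc.d script and the man page; if the other `pfsync_` variables documented around this entry get their defaults from the same place, add `pfsync_syncpeer=""` there so the documented default and the script's `[ -n "${pfsync_syncpeer}" ]` test agree, and so `set -u`-style scripts do not trip on an undeclared name. Minor: "synchronisation" on the `By default, state change messages` line uses the British spelling while the surrounding text uses American forms; "synchronization" would match the rest of the page.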
%%%