rcorder again..
Giorgos Keramidas
keramida at ceid.upatras.gr
Fri Nov 18 07:39:04 GMT 2005
On 2005-11-17 06:48, "J.D. Bronson" <jbronson at wixb.com> wrote:
> Well...I was surprised that no one replied. I was trying to
> figure out why ppp-user would start BEFORE pf fired up....
>
> It appears easy enough to change, but it's untested:
>
> Edit /etc/rc.d/ppp-user:
>
> # $FreeBSD: src/etc/rc.d/ppp-user,v 1.7 2004/12/15 12:39:28 brian Exp $
> #
>
> # PROVIDE: ppp-user
> # REQUIRE: netif isdnd pf <--- add pf
> # KEYWORD: nojail
>
> =============================
>
> Then rcorder shows things BETTER:
>
> /etc/rc.d/netif
> /etc/rc.d/pfsync
> /etc/rc.d/pflog
> /etc/rc.d/pf
> /etc/rc.d/isdnd
> /etc/rc.d/ppp-user
>
> My only concern might be that tun0 is not created until
> ppp-user launches (correct me if I am wrong) and pf might have
> an issue with an interface that doesn't yet exist. Under
> OpenBSD, tun0 is there before ppp even starts. Wouldn't we WANT
> pf to be active prior to ppp launching (like in OpenBSD?)
>
> Can someone kindly comment on this please?

You can always copy /etc/rc.d/pf to a new script, say "pfboot",
and have it load a predefined rule-set, i.e.:

    set skip on lo0
    block in all
    block out all

You can probably copy the default ruleset that OpenBSD uses too :)
With dependencies in /etc/rc.d/pfboot like these:

    # PROVIDE: pfboot
    # REQUIRE: root mountcritlocal pflog pfsync
    # BEFORE: netif
    # KEYWORD: nojail

you can probably get it to work exactly like you mention above.
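
Added example (not part of the original message and not FreeBSD's own code): a shell check of whether the PROVIDE/REQUIRE/BEFORE headers discussed in this thread actually force the firewall script to start before ppp-user, rather than the two merely happening to sort that way. The header files are constructed stand-ins modelled on the thread, and forced_before, hdr and make_sample are hypothetical names.

```sh
# forced_before DIR A B succeeds only when the PROVIDE/REQUIRE/BEFORE
# headers in DIR force rc.d script A to start before script B.
forced_before() {
    ( cd "$1" && awk -v a="$2" -v b="$3" '
    $1 == "#" && $2 == "PROVIDE:" { for (i = 3; i <= NF; i++) prov[$i] = FILENAME }
    $1 == "#" && $2 == "REQUIRE:" { for (i = 3; i <= NF; i++) req[FILENAME] = req[FILENAME] " " $i }
    $1 == "#" && $2 == "BEFORE:"  { for (i = 3; i <= NF; i++) bef[FILENAME] = bef[FILENAME] " " $i }
    END {
        # after[x] lists the scripts that must start later than x
        for (f in req) { n = split(req[f], t, " ")
            for (i = 1; i <= n; i++) if (t[i] in prov) after[prov[t[i]]] = after[prov[t[i]]] " " f }
        for (f in bef) { n = split(bef[f], t, " ")
            for (i = 1; i <= n; i++) if (t[i] in prov) after[f] = after[f] " " prov[t[i]] }
        # breadth-first walk from a; reaching b means the order is forced
        queue[1] = a; head = 1; tail = 1
        while (head <= tail) {
            n = split(after[queue[head++]], t, " ")
            for (i = 1; i <= n; i++) {
                if (t[i] == b) exit 0
                if (!(t[i] in seen)) { seen[t[i]] = 1; queue[++tail] = t[i] }
            }
        }
        exit 1
    }' * )
}

# hdr DIR NAME REQUIRE BEFORE: write a header-only stand-in for an rc.d script.
hdr() { printf '# PROVIDE: %s\n# REQUIRE: %s\n# BEFORE: %s\n' "$2" "$3" "$4" > "$1/$2"; }

# Constructed sample set; the second argument is the REQUIRE line for ppp-user.
make_sample() {
    mkdir -p "$1"
    hdr "$1" root "" ""
    hdr "$1" mountcritlocal "root" ""
    hdr "$1" pflog  "root mountcritlocal" ""
    hdr "$1" pfsync "root mountcritlocal" ""
    hdr "$1" netif  "root mountcritlocal" ""
    hdr "$1" pf     "netif pflog pfsync" ""
    hdr "$1" isdnd  "netif" ""
    hdr "$1" ppp-user "$2" ""
    hdr "$1" pfboot "root mountcritlocal pflog pfsync" "netif"
}

d=$(mktemp -d) && make_sample "$d" "netif isdnd"
forced_before "$d" pf ppp-user || echo "unedited headers: pf is not forced before ppp-user"
forced_before "$d" pfboot ppp-user && echo "pfboot always starts before ppp-user"
rm -rf "$d"
```

Checking a script against itself (forced_before DIR pfboot pfboot) succeeds only when there is a dependency loop through it. That is worth running against a copy of the real /etc/rc.d, since a pflog or pfsync that itself REQUIREs netif would conflict with pfboot's BEFORE: netif.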