Volker <[EMAIL PROTECTED]> wrote:
>
> without seeing your pf.conf ruleset, I guess you're using a ppp
> connection to your upstream provider and firewalling on the tunX
> interface (using tun0 as $ext_if).
>
> As FreeBSD boots up, this interface does not yet exist when pf is
> loaded. As soon as ppp is loaded and interface tun0 has been created,
> pf will happily load your ruleset.

My understanding of PF is that it will happily load a configuration that contains references to nonexistent interfaces, and when those interfaces come around to existing later, it will happily enforce the policy applied to them.

That is to say, I can't find any evidence that an interface that doesn't exist causes policy loading to fail.

To test this, I added a couple of lines to my existing policy:

    pass out quick on gpx0 all
    pass in on asdfiawe934 from 1.2.3.4 to 4.3.2.1

PF did not complain one bit about these nonsensical interface names, and "pfctl -sr" verifies that they do indeed remain in force, even though they have no chance of matching anything.

-- 
David DeSimone == Network Admin == [EMAIL PROTECTED]
  "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous." -- Robert Benchley
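A check that follows from the test in the message above, added here as an example and not part of the original post: because pf accepts rules that name nonexistent interfaces, comparing the `on <interface>` names in `pfctl -sr` output with the interfaces actually present exposes typos and not-yet-created interfaces such as tun0. The function name `unknown_ifaces`, the sample rules and the interface list are constructed for illustration; interface groups, if used, are assumed to be included in the known list.

```shell
#!/bin/sh
# Added example: flag pf rules bound to interfaces that do not exist.
# Assumed live use on FreeBSD: pfctl -sr | unknown_ifaces "$(ifconfig -l)"

# Constructed sample, in the style of "pfctl -sr" output (not from a real host).
SAMPLE_RULES='pass out quick on gpx0 all
pass in on asdfiawe934 inet from 1.2.3.4 to 4.3.2.1
pass in on em0 proto tcp from any to any port = ssh
block drop in on ! lo0 all
pass out on tun0 all'

# unknown_ifaces "if1 if2 ...": reads rules on stdin and prints
# "<interface><TAB><rule>" for every rule whose interface is not in the list.
unknown_ifaces() {
    awk -v iflist="$1" '
    BEGIN {
        n = split(iflist, names, " ")
        for (i = 1; i <= n; i++) known[names[i]] = 1
    }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "on") continue
            ifc = $(i + 1)
            # Negated match is printed as "on ! lo0"; also accept "on !lo0".
            if (ifc == "!" && i + 2 <= NF) ifc = $(i + 2)
            sub(/^!/, "", ifc)
            if (!(ifc in known)) printf "%s\t%s\n", ifc, $0
            break   # only the first "on" names the rule interface
        }
    }'
}

# Demo: the host is assumed to have only em0 and lo0 at this moment.
printf '%s\n' "$SAMPLE_RULES" | unknown_ifaces "em0 lo0"
```

A rule flagged for tun0 before ppp has started is expected; one flagged for a name like asdfiawe934 is a rule that will never match and deserves a second look.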