Hi there,
I have a pppoe0 interface setup like this (hostname.pppoe0):
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev re0 \
authproto pap \
authname 'myuser' \
authkey 'mypass' up
dest 0.0.0.1
!/sbin/route add default 0.0.0.1
!/sbin/pfctl -f /etc/pf.conf
!/etc/rc.d/isc_named restart
!/etc/rc.d/aiccu restart
Then I have setup PF to allow incoming ssh traffic. Here is my rule:
pass in on pppoe0 inet proto tcp to pppoe0 port ssh keep state
The interface has a dynamic IP. I was relying on the "!/sbin/pfctl -f
/etc/pf.conf" rule to reload my PF when the IP changes but, apparently,
it is not working as expected: it looks like the interface can change
its IP without being restarted, so PF never gets reloaded and keeps
using the old IP.
I am now thinking of placing a cron job that just reloads PF once in a
while. Is there a cleaner way to reload PF when the IP changes? Or maybe
even a better way to write the rule so that it auto-updates without the
need to reload PF at all?
Thank you
Gabriele Tozzi
--
GPG Key Fingerprint:
DAD1 E3E3 C3E9 36FB C570 F405 9B5F 7108 A1D0 2FFF
