The script will be a useful workaround. Many thanks!

Regards,
-Richard

On 5 September 2016 at 07:35, Matthew Dillon <[email protected]> wrote:
> I have this problem too, it's likely a bug in our PF implementation. What I
> do is have a little script which I start in the background (using the notty
> command) from /etc/rc.local which checks whether the DHCP assignment has
> changed on the interface and then reloads the PF rules if it has.
>
> To reload the rules:
>
>     pfctl -d
>     pfctl -F all
>     pfctl -f /etc/pf.conf
>     pfctl -e
>
> There are a few ways to detect whether the DHCP assignment has changed. The
> easiest is for the script to save the output from the ifconfig command
> filtering for 'inet', e.g. something like this:
>
>     # set fubar1 to force initial reload
>     #
>     set fubar1 = "xx"
>
>     while (1)
>         set fubar2 = `ifconfig igb0 | fgrep inet`
>         if ( "$fubar1" != "$fubar2" ) then
>             (reload PF rules here)
>         endif
>         sleep 10
>         set fubar1 = "$fubar2"
>     end
>
> Obviously not the best solution but it works as a monitor.
>
> I think PF is supposed to pick up changes automatically when an interface is
> specified like that, but our PF doesn't appear to.
>
> -Matt
>
> On Sun, Sep 4, 2016 at 2:33 AM, Richard Nyberg <[email protected]>
> wrote:
>>
>> Hello users,
>>
>> I've set up a df4.6 box as an internet gateway and samba fileserver at
>> home. It gets its external IP address via dhcp on re0. The problem is
>> that after this machine has booted, I need to run "rcrestart pf".
>> Otherwise the machines on the internal network can't access the
>> internet.
>>
>> Any thoughts on this? The server's rc.conf and pf.conf are below.
>>
>> ### pf.conf begin
>>
>> ext_if="re0"
>> int_if="em0"
>>
>> scrub in
>>
>> nat on $ext_if from $int_if:network -> ($ext_if)
>>
>> block in
>> pass out keep state
>>
>> pass quick on { lo $int_if }
>>
>> pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
>> pass in on $ext_if proto { tcp udp } to ($ext_if) port 51403 keep state
>> pass in on $ext_if proto { tcp udp } to ($ext_if) port 51413 keep state
>>
>> ### pf.conf end
>>
>> ### rc.conf begin
>>
>> powerd_enable="YES"
>> dntpd_enable="YES"
>> samba_enable="YES"
>> sshd_enable="YES"
>>
>> dbus_enable="YES"
>> avahi_daemon_enable="YES"
>>
>> dhcpd_enable="YES"
>> dhcpd_flags="-q"
>> dhcpd_conf="/usr/local/etc/dhcpd.conf"
>> dhcpd_ifaces="em0"
>> dhcpd_withumask="022"
>>
>> dumpdev="/dev/serno/S246J90Z339652.s1b"
>>
>> hostname="gorg.lan"
>>
>> ifconfig_re0="DHCP"
>> ifconfig_em0="inet 10.5.2.1 netmask 0xffffff00"
>>
>> gateway_enable="YES"
>> pf_enable="YES"
>>
>> ### rc.conf end
>>
>> Best regards,
>> -Richard
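
The monitor described in the thread, written out in full as an added example in POSIX sh; it is not code from either poster or from the DragonFly project. The function names, the `run` argument, the logger tag and the `pfctl -n` parse check before the reload are assumptions added here; the interface and config path come from the posted pf.conf.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed defaults: re0 and /etc/pf.conf
# from the posted configs, 10 s poll as in the original loop.
IFACE="${IFACE:-re0}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
INTERVAL="${INTERVAL:-10}"

# Print IPv4 addresses from ifconfig output on stdin, one per line. Matching
# the whole first field skips inet6 lines, which "fgrep inet" would include.
inet_addrs() {
    awk '$1 == "inet" { print $2 }'
}

# Succeed (status 0) when the two address lists differ.
addrs_changed() {
    [ "$1" != "$2" ]
}

# Reload sequence from the thread. The leading "pfctl -n" parse-only check is
# an addition: a broken pf.conf is rejected before PF is disabled and flushed.
reload_pf() {
    pfctl -nf "$PF_CONF" || return 1
    pfctl -d
    pfctl -F all
    pfctl -f "$PF_CONF"
    pfctl -e
}

monitor() {
    last="xx"   # sentinel forces a reload on the first pass
    while :; do
        cur=$(ifconfig "$IFACE" | inet_addrs)
        # An empty result means no lease yet; wait rather than reload.
        if [ -n "$cur" ] && addrs_changed "$last" "$cur"; then
            if reload_pf; then
                logger -t pf-dhcp-watch "reloaded PF, $IFACE is now $cur"
                last="$cur"
            else
                logger -t pf-dhcp-watch "PF reload failed for $IFACE, will retry"
            fi
        fi
        sleep "$INTERVAL"
    done
}

# Poll only when called with "run", so the helpers can be tested on their own.
if [ "${1:-}" = "run" ]; then
    monitor
fi
```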
