RC Service Order

Eric Cope eric.cope at gmail.com
Wed Sep 16 20:28:07 MST 2009 

is this because you can rely on the VPN to properly protect access to it
through the vpn mechanisms?
Eric

On Wed, Sep 16, 2009 at 8:23 PM, Craig White <craigwhite at azapple.com> wrote:

> I don't recall ever creating firewall rules for the tun or tap
> interfaces.
>
> Craig
>
> On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote:
> > That was my concern. However, PF fails to start properly because the
> > VPN TUN interface isn't established yet. Have you had issues like this
> > on other systems?
> > Eric
> >
> > On Wed, Sep 16, 2009 at 6:59 PM, Craig White <craigwhite at azapple.com>
> > wrote:
> >         On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote:
> >         > I need openvpn, then samba, and finally pf (packet filter).
> >         Its
> >         > currently the reverse order.
> >         > I know where the conf file is, where is the script?
> >
> >         ----
> >         I don't know enough about BSD but in general, you want the
> >         packet filter
> >         scripts to run early, even before network devices are up and
> >         running
> >         because if you have a system hang in between starting the
> >         network
> >         devices and the packet filtering, you have a very exposed
> >         system.
> >
> >         I would suspect that the reason you are wanting to fiddle with
> >         what is
> >         probably an already well considered sequence is to try to get
> >         around a
> >         problem that should probably be solved elsewhere.
> >
> >         It seems to me that having pf, samba and openvpn load in this
> >         order is
> >         the logical way. Whatever problems you are experiencing are
> >         probably
> >         best solved without tinkering with this.
> >
> >         Craig
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
Eric Cope
http://cope-et-al.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20090916/5c3735e7/attachment.htm

More information about the PLUG-discuss mailing list