is this because you can rely on the VPN to properly protect access to it through the vpn mechanisms? Eric On Wed, Sep 16, 2009 at 8:23 PM, Craig White wrote: > I don't recall ever creating firewall rules for the tun or tap > interfaces. > > Craig > > On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote: > > That was my concern. However, PF fails to start properly because the > > VPN TUN interface isn't established yet. Have you had issues like this > > on other systems? > > Eric > > > > On Wed, Sep 16, 2009 at 6:59 PM, Craig White > > wrote: > > On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote: > > > I need openvpn, then samba, and finally pf (packet filter). > > Its > > > currently the reverse order. > > > I know where the conf file is, where is the script? > > > > ---- > > I don't know enough about BSD but in general, you want the > > packet filter > > scripts to run early, even before network devices are up and > > running > > because if you have a system hang in between starting the > > network > > devices and the packet filtering, you have a very exposed > > system. > > > > I would suspect that the reason you are wanting to fiddle with > > what is > > probably an already well considered sequence is to try to get > > around a > > problem that should probably be solved elsewhere. > > > > It seems to me that having pf, samba and openvpn load in this > > order is > > the logical way. Whatever problems you are experiencing are > > probably > > best solved without tinkering with this. > > > > Craig > > > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- Eric Cope http://cope-et-al.com