I don't recall ever creating firewall rules for the tun or tap
interfaces.
Craig
On Wed, 2009-09-16 at 20:18 -0700, Eric Cope wrote:
> That was my concern. However, PF fails to start properly because the
> VPN TUN interface isn't established yet. Have you had issues like this
> on other systems?
> Eric
>
> On Wed, Sep 16, 2009 at 6:59 PM, Craig White <craigwhite@azapple.com>
> wrote:
> On Wed, 2009-09-16 at 18:38 -0700, Eric Cope wrote:
> > I need openvpn, then samba, and finally pf (packet filter).
> Its
> > currently the reverse order.
> > I know where the conf file is, where is the script?
>
> ----
> I don't know enough about BSD but in general, you want the
> packet filter
> scripts to run early, even before network devices are up and
> running
> because if you have a system hang in between starting the
> network
> devices and the packet filtering, you have a very exposed
> system.
>
> I would suspect that the reason you are wanting to fiddle with
> what is
> probably an already well considered sequence is to try to get
> around a
> problem that should probably be solved elsewhere.
>
> It seems to me that having pf, samba and openvpn load in this
> order is
> the logical way. Whatever problems you are experiencing are
> probably
> best solved without tinkering with this.
>
> Craig
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)