pf & clonable devices

From: Eric Masson
Date: 01/17/05

    To: Mailing List FreeBSD Network
    Date: Mon, 17 Jan 2005 18:19:55 +0100


    uname -a :
    FreeBSD 5.3-STABLE FreeBSD 5.3-STABLE #0: Tue Jan 11 11:44:56 CET 2005 i386

    kldstat :
    Id Refs Address Size Name
     1 19 0xc0400000 2f6a20 kernel
     2 1 0xc06f7000 14f08 if_ppp.ko
     3 1 0xc070c000 9a88 if_xl.ko
     4 2 0xc0716000 18a44 miibus.ko
     5 1 0xc072f000 39ac ulpt.ko
     6 9 0xc0733000 1357c agp.ko
     7 1 0xc13fa000 1e000 nfsserver.ko
     8 1 0xc1429000 28000 pf.ko

    I'm back on an ISDN line for my internet connection at the moment, and
    I'm using pppd (kernel ppp) and an ISDN TA.

    I'm using Alain Thivillon's SSLTunnel for the connection to the main
    office (kernel ppp tunnel encapsulated in an SSL session).

    pppX interfaces are created on demand as pppd is started.

    So I end up with a setup like this one:
    ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1524
            inet --> netmask 0xffffff00
    ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
            inet --> netmask 0xffffff00

    Kernel ppp doesn't seem to reuse existing pppX devices; it creates new
    ones as needed. PF rules are defined for fixed network devices, so I
    destroy pppX interfaces on ppp shutdown and let pppd recreate them as

    In this case, I need to refresh PF by issuing:
    pfctl -F all -f /etc/pf.conf
    to get traffic passing through the newly recreated ppp0/1 interfaces.

    Is this a feature or a bug?


    Éric Masson

     You are right a thousand times over, a free subscription is no gift.
     Besides, once you have had the butter, the money and the dairymaid's
     backside, apart from talking nonsense, there is not much left to do.
     -+- Biz in GNU: So, does that count as free or does it give you the clap? -+-