ioc32 / openhrc

Open Household Router Contraption

PF fails to start if WAN is down #9

Closed saghul closed 9 years ago

saghul commented 9 years ago

Our current rules use "ext_if" to open some ports. Here is an example of the generated rules:

```
# pfctl -s rules
match out on re0 inet from 192.168.99.0/24 to any nat-to (re0) round-robin
block return log all
pass inet proto icmp from any to 127.0.0.1
pass inet proto icmp from any to 1.2.3.4
pass inet proto icmp from any to 192.168.99.100
pass inet from 127.0.0.1 to any flags S/SA
pass inet from 1.2.3.4 to any flags S/SA
pass inet from 192.168.99.0/24 to any flags S/SA
pass on lo0 inet6 from fe80::1 to any flags S/SA
pass inet6 from ::1 to any flags S/SA
pass in on re0 inet proto tcp from any to 1.2.3.4 port = 8022 flags S/SA rdr-to 192.168.99.100 port 22
pass on re1 inet proto tcp from any to 192.168.99.100 port = 22 flags S/SA
#
```

1.2.3.4 was my public IP. When re0 (the WAN port) was down, PF failed to start, and as a result there was no networking. Also, if the IP address on the WAN port changes, PF would need to be restarted. I guess we need to find a better approach here.

saghul commented 9 years ago

Fixed in d8ea694cde8dcadfaf84d304862f93016d09ade3 and cf0e517fa8c19640622e3aa56dfdbefe38572c6d
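
An added illustration of the problem described in this issue, not the project's code and not necessarily what the referenced commits changed: in pf.conf, an interface name used as an address is resolved once when the ruleset is loaded, while the same name in parentheses is tracked by PF as the interface's address appears or changes. The macro names and the layout of this fragment are assumptions; the interfaces, network and ports are the ones from the rules quoted in the issue.

```pf
# Constructed pf.conf fragment (example only; macro names are assumptions).
ext_if   = "re0"                 # WAN port
int_if   = "re1"                 # LAN port
lan_net  = "192.168.99.0/24"
ssh_host = "192.168.99.100"

# Already dynamic in the quoted ruleset: nat-to (re0)
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)
block return log all

# Load-time form: $ext_if used as an address is replaced by whatever
# address re0 holds when the file is parsed (1.2.3.4 in the issue).
# With re0 down there is no address to substitute and the load fails;
# after an address change the rules keep matching the old address.
#
#   pass inet proto icmp from any to $ext_if
#   pass in on $ext_if inet proto tcp from any to $ext_if port 8022 \
#       rdr-to $ssh_host port 22

# Dynamic form: parentheses make PF follow the interface's current
# address, so the ruleset loads without an address on re0 and needs
# no reload when the WAN lease changes.
pass inet proto icmp from any to ($ext_if)
pass in on $ext_if inet proto tcp from any to ($ext_if) port 8022 \
    rdr-to $ssh_host port 22

# LAN-side rule is unaffected: it names a fixed internal host.
pass on $int_if inet proto tcp from any to $ssh_host port 22
```

`pfctl -nf <file>` parses a ruleset without loading it, and once loaded, `pfctl -s rules` shows the dynamic entries as `(re0)` rather than a literal address, as the `nat-to` line in the issue already does.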