From kan@FreeBSD.org  Mon Jun  8 00:06:22 2009
Message-Id: <200906080006.n5806MnW075368@freefall.freebsd.org>
Date: Mon, 8 Jun 2009 00:06:22 GMT
From: Alexander Kabaev <kan@FreeBSD.org>
Reply-To: Alexander Kabaev <kan@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: re@freebsd.org
Subject: pf startup order seems broken
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         135338
>Category:       conf
>Synopsis:       [rc.d] pf startup order seems broken [regression]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-rc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 08 00:10:03 UTC 2009
>Closed-Date:    Thu Oct 25 20:18:07 UTC 2012
>Last-Modified:  Thu Oct 25 20:18:07 UTC 2012
>Originator:     Alexander Kabaev
>Release:        FreeBSD 8.0-CURRENT
>Organization:
>Environment:

FreeBSD kan.dnsalias.net 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Sun Jun  7 16:24:56 EDT 2009     kan@kan.dnsalias.net:/usr/download/src/sys/i386/compile/KAN  i386

>Description:

I upgraded one of my machines from -current as of May 12th and noticed
the following startup script breakage: pfctl seems to be running before
any of the interfaces are configured and, quite expectedly, fails to
process some rules. If someone does not pay attention, he ends up with
a completely unprotected host sitting on the Internet. Filing this at Sam's
request to alert re@ about a possible blocker.


<skip>
ugen2.3: <American Power Conversion> at usbus2
no IP address found for re0:network
/etc/pf_kan.conf:21: could not parse host specification
no IP address found for re0:network
/etc/pf_kan.conf:37: could not parse host specification
no IP address found for re0:network
/etc/pf_kan.conf:38: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
pf enabled
DHCPREQUEST on vr0 to 255.255.255.255 port 67
DHCPACK from 96.145.104.1
bound to 98.217.224.113 -- renewal in 113063 seconds.
Starting Network: lo0 vr0 re0.
<skip>

>How-To-Repeat:
	Reboot.
>Fix:
	Do not have any yet.
>Release-Note:
>Audit-Trail:

From: Alexander Kabaev <kabaev@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: conf/135338: pf startup order seems broken
Date: Sun, 7 Jun 2009 20:30:37 -0400

 On Mon, 8 Jun 2009 00:10:03 GMT
 FreeBSD-gnats-submit@FreeBSD.org wrote:
 
 > Thank you very much for your problem report.
 > It has the internal identification `conf/135338'.
 > The individual assigned to look at your
 > report is: freebsd-bugs.
 >
 > You can access the state of your problem report at any time
 > via this link:
 >
 > http://www.freebsd.org/cgi/query-pr.cgi?pr=135338
 >
 > >Category:       conf
 > >Responsible:    freebsd-bugs
 > >Synopsis:       pf startup order seems broken
 > >Arrival-Date:   Mon Jun 08 00:10:03 UTC 2009
 
 Follow-up to myself: I understand that the changed behavior is an expected
 result of change 193198 by Doug Barton. I think this change is wrong and
 it prevents use of any rules that are not using dynamic address lookups,
 thus I would like to see it backed out.
 
 --
 Alexander Kabaev
 
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Mon Jan 4 10:30:20 UTC 2010 
Responsible-Changed-Why:  
Submitter believes this is a regression introduced with r193198 

http://www.freebsd.org/cgi/query-pr.cgi?pr=135338 
State-Changed-From-To: open->closed 
State-Changed-By: crees 
State-Changed-When: Thu Oct 25 20:18:06 UTC 2012 
State-Changed-Why:  
Fixed in r195026 by partial revert of r193198 

>Unformatted:
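
An added example, not part of the original PR or of the FreeBSD rc.d scripts: a POSIX sh/awk check that scans a boot log for the sequence reported above, where pfctl fails to load the ruleset and pf is then enabled with nothing loaded. The function names are hypothetical, and the sample log is constructed from the console lines quoted in the report.

```shell
#!/bin/sh
# Added example (not from the PR): detect the fail-open boot sequence
# reported here: pfctl fails to load the ruleset, then pf is enabled anyway.

# Reads a console/boot log on stdin, prints a one-line verdict, and
# returns 1 when pf was enabled after a failed ruleset load.
check_pf_boot_log() {
    awk '
        # pfctl could not resolve an <interface>:network address
        /no IP address found for/ {
            split($NF, a, ":")
            if (!(a[1] in seen)) {
                seen[a[1]] = 1
                ifaces = ifaces (ifaces == "" ? "" : ",") a[1]
            }
        }
        /could not parse host specification/ { unparsed++ }
        /pf rules not loaded/                { failed = NR }
        /^pf enabled/                        { enabled = NR }
        /^Starting Network:/                 { netup = NR }
        END {
            if (failed && enabled > failed) {
                net = (netup && netup < failed) ? "up" : "not up"
                printf "FAIL-OPEN: ruleset load failed (line %d), ", failed
                printf "pf enabled (line %d); %d rules unparsed; ", enabled, unparsed
                printf "unresolved: %s; network %s before pfctl\n", ifaces, net
                exit 1
            }
            print "OK: no failed ruleset load followed by pf enable"
        }
    '
}

# Constructed sample: the console lines quoted in the PR, one message per line.
sample_log() {
    cat <<'EOF'
no IP address found for re0:network
/etc/pf_kan.conf:21: could not parse host specification
no IP address found for re0:network
/etc/pf_kan.conf:37: could not parse host specification
no IP address found for re0:network
/etc/pf_kan.conf:38: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded
pf enabled
Starting Network: lo0 vr0 re0.
EOF
}

sample_log | check_pf_boot_log || echo "check_pf_boot_log exit status: $?"
```
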
