Opened 3 years ago
Closed 16 months ago
#334 closed System Defect (fixed)
Startup: Error parsing /etc/pf.conf
| Reported by: | bitraptor | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | System Configuration | Version: | 8.1 |
| Keywords: | Cc: | trac-bugs@… |
Description
Version 8.1
On startup following errors appear on the console:
/etc/pf.conf:4: could not parse host specification
/etc/pf.conf:5: could not parse host specification
no IP address found for lo1.network
DHCP active, network access functioning normally
Change History (3)
comment:1 Changed 3 years ago by MSK61
comment:2 Changed 3 years ago by bitraptor
- Version changed from 8.1-RC1 to 8.1
comment:3 Changed 16 months ago by dlavigne
- Resolution set to fixed
- Status changed from new to closed
This has been fixed in 9.0.
Note: See
TracTickets for help on using
tickets.
I've almost run into the same problem. For me, it was due to a line I added to /etc/pf.conf to define a table containing addresses referenced by interface names. The table definition looked something like this:
table <acceptAddr> const { em0, em0:broadcast }
During boot, I saw that same error message complaining this time of em0:broadcast. The problem here is that pf is started before the DHCP, hence the interfaces don't have associated network addresses when pf is started.
However after boot, when I check pf, I found it already started(although the error message showed that it wasn't started due to the errors parsing /etc/pf.conf). I dug after the problem for a while and found out that pf is actually started twice, once at the very beginning with network initialization and some time later during the startup procedure(can't tell where exactly). It's that second time when pf is successfully started(as the network interfaces have acquired addresses by that time).
The problem now is that both times of starting pf is really controlled by the pf_enable variable in /etc/rc.conf(or /etc/rc.conf.local if it's defined there). So setting this variable to "NO" will disable starting pf completely in both times, while setting it to "YES"(as it's by default) will start pf twice, with the first time showing the error messages.
I even tried removing my table definition from /etc/pf.conf and injecting them dynamically later in /etc/rc.local, but I found that /etc/rc.local is executed AFTER the first time and BEFORE the second time, so any dynamic table injections in /etc/rc.local will be overridden when pf is started for the second time.
The final workaround I concluded was to add/edit a line in /etc/rc.conf.local to be
and then start pf manually in /etc/rc.local(creating the file if it doesn't already exist)
Add a corresponding stop command in /etc/rc.shutdown.local(again creating this file it doesn't already exist)
Note the use of onestart/onestop instead of simply start/stop as issuing the latter pair won't work after we've set pf_enable to "NO".
I found the following links useful in reaching this conclusion: