Al - pf errors
- Thanks for the help on the FreeBSD upgrade from 10.2 to 10.3 on Digital Ocean; it worked a treat.
- I tested it first by using the snapshot features provided by Digital Ocean, which work really well. I shut my live Droplet down and took a snapshot.
- Powered it back on and then created a new temporary droplet from the snapshot with a new IP address. Connected to it to make sure everything was working as expected.
- Then I performed the upgrade and everything worked perfectly on this temporary droplet. So in my next maintenance window I created a new snapshot of my live droplet and then ran the upgrade, and it worked great.
- One thing that I have noticed, but this was happening for the upgrade.
- I am using PF as my firewall. This works great if you manually start it, but I have noticed that after reboot the PF service is not started. But once the system has booted you can log in and start PF manually.
- I have pf_enable="yes" in the /etc/rc.conf file.
- In the logs I see the following:
- kernel: no IP address found for DNSHostname
- kernel: /etc/firewall:23: could not parse host specification
- kernel: pfctl: Syntax error in config file: pf rules not loaded
- I have a couple of rules which look up hostnames to match in the firewall rules, so it looks like DNS resolution has not started yet when PF is trying to start, and then it fails as it has an invalid PF config file. If I change the rules to match an IP address and reboot the server, PF starts correctly.
- I have tried moving the PF line to the end of the /etc/rc.conf file in case this gives enough time for the DNS resolution to work.
- Any ideas how this could be fixed?