<div dir="ltr">I have this problem too, it's likely a bug in our PF implementation. What I do is have a little script which I start in the background (using the notty command) from /etc/rc.local which checks whether the DHCP assignment has changed on the interface and then reloads the PF rules if it has.<div><br></div><div>To reload the rules:</div><div><br></div><div>pfctl -d</div><div>pfctl -F all</div><div>pfctl -f /etc/pf.conf</div><div>pfctl -e</div><div><div><br></div><div>There are a few ways to detect whether the DHCP assignment has changed. The easiest is for the script to save the output from the ifconfig command filtering for 'inet'. e.g. something like this:</div><div><br></div><div># set fubar1 to force initial reload</div><div>#</div><div><div>set fubar1 = "xx"</div></div><div><br></div><div>while (1)</div><div> # parentheses keep the multi-word ifconfig output in one variable</div><div> set fubar2 = ( `ifconfig igb0 | fgrep inet` )</div><div> if ( "$fubar1" != "$fubar2" ) then</div><div> # reload PF rules (same commands as above)</div><div> pfctl -d</div><div> pfctl -F all</div><div> pfctl -f /etc/pf.conf</div><div> pfctl -e</div><div> endif</div><div> sleep 10</div><div> set fubar1 = "$fubar2"</div><div>end</div><div><br></div><div>Obviously not the best solution but it works as a monitor.</div><div><br></div><div>I think PF is supposed to pick up changes automatically when an interface is specified like that, but our PF doesn't appear to.</div><div><br></div><div>-Matt</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Sep 4, 2016 at 2:33 AM, Richard Nyberg <span dir="ltr">&lt;<a href="mailto:rnyberg@murmeldjur.se" target="_blank">rnyberg@murmeldjur.se</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello users,<br>
<br>
I've set up a df4.6 box as an internet gateway and samba fileserver at<br>
home. It gets its external IP address via dhcp on re0. The problem is<br>
that after this machine has booted, I need to run "rcrestart pf".<br>
Otherwise the machines on the internal network can't access the<br>
internet.<br>
<br>
Any thoughts on this? The server's rc.conf and pf.conf are below.<br>
<br>
### pf.conf begin<br>
<br>
ext_if="re0"<br>
int_if="em0"<br>
<br>
scrub in<br>
<br>
nat on $ext_if from $int_if:network -> ($ext_if)<br>
<br>
block in<br>
pass out keep state<br>
<br>
pass quick on { lo $int_if }<br>
<br>
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state<br>
pass in on $ext_if proto { tcp udp } to ($ext_if) port 51403 keep state<br>
pass in on $ext_if proto { tcp udp } to ($ext_if) port 51413 keep state<br>
<br>
### pf.conf end<br>
<br>
### rc.conf begin<br>
<br>
powerd_enable="YES"<br>
dntpd_enable="YES"<br>
samba_enable="YES"<br>
sshd_enable="YES"<br>
<br>
dbus_enable="YES"<br>
avahi_daemon_enable="YES"<br>
<br>
dhcpd_enable="YES"<br>
dhcpd_flags="-q"<br>
dhcpd_conf="/usr/local/etc/dhcpd.conf"<br>
dhcpd_ifaces="em0"<br>
dhcpd_withumask="022"<br>
<br>
dumpdev="/dev/serno/S246J90Z339652.s1b"<br>
<br>
hostname="gorg.lan"<br>
<br>
ifconfig_re0="DHCP"<br>
ifconfig_em0="inet 10.5.2.1 netmask 0xffffff00"<br>
<br>
gateway_enable="YES"<br>
pf_enable="YES"<br>
<br>
### rc.conf end<br>
<br>
Best regards,<br>
-Richard<br>
</blockquote></div><br></div>