
pf "lost" its rules, due to PPPoE address change?



Hello list,

I had a strange glitch occurring on reduced OpenBSD 3.2 (Chris' 
flashdisk) running on a Soekris board used as a PPPoE router/firewall.

I realised that the server behind it, normally reachable via rdr, wasn't 
accessible. When ssh'ing into the firewall I realised that no pf rules 
were loaded (pfctl -s rules = no output).

Looking at my dyndns.org records I noticed that the IP address had 
changed recently. Of course ppp.linkup contains a pfctl reload command, 
yet the rules weren't in. Nothing's in the logs either (pflog not 
running BTW).

It is probably related to the change of the IP address of the PPPoE 
session, and it seems that ppp.linkup wasn't triggered at all (the dyndns 
update was done by a cron job, it seems). Normally the ppp.linkup stuff 
always gets executed on a change of IP and a log entry is made; this 
time it didn't.

Any ideas how this can be prevented from happening (apart from 
reloading pf rules via cron every 5 seconds)?

Regards

Dirk


# cat /etc/ppp/ppp.linkup
MYADDR:
  ! sh -c "/sbin/pfctl -e -F all -f /etc/pf.conf"
  !bg /bin/ez-ipupdate -c /etc/dyndns.conf
  !bg /usr/sbin/rdate -n ptbtime1.ptb.de

# cat /etc/ppp/ppp.conf
default:
  set log Phase Chat IPCP CCP tun command Warning Error Alert LQM
  set redial random
  set reconnect 10 10

pppoe:
  set device "!/usr/sbin/pppoe -i sis0"
  disable acfcomp protocomp
  deny acfcomp
  set mtu max 1492
  set mru max 1492
  set speed sync
  enable lqr
  set lqrperiod 30
  set cd 5
  set dial
  set login
  set crtscts off
  set timeout 0
  set authname 234262466@eac.jpn
  set authkey jh756H7f
  add! default HISADDR
  enable mssfixup
  set server /var/run/internet "" 0177
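One safety net for the situation described in the mail, written here as an added example (it is not code from the original post or from OpenBSD): a small sh script that checks whether pf actually has a ruleset loaded, reloads it from /etc/pf.conf if not, re-enables pf, verifies the result and leaves a syslog trace either way, so a silent loss of rules like this one shows up in the logs instead of being found by accident. pfctl(8) and logger(1) are the standard OpenBSD tools; the script name pf-check, the `run` argument, the PF_CONF and PFCTL variables and the log tag are my own assumptions.

```shell
#!/bin/sh
# pf-check: make sure pf has a ruleset loaded, and reload it if not.
# Added example, not part of the original post.  Assumes pfctl(8) and
# logger(1) as found on OpenBSD and the ruleset in /etc/pf.conf; the
# script name, the "run" argument and the log tag are assumptions.

PF_CONF=${PF_CONF:-/etc/pf.conf}
PFCTL=${PFCTL:-/sbin/pfctl}

# count_rules: read a `pfctl -s rules` listing on stdin and print the
# number of non-blank lines, i.e. the number of loaded filter rules.
count_rules() {
    grep -c '[^[:space:]]' || true   # grep -c exits 1 on a zero count
}

# ruleset_loaded: succeed when the listing given as $1 holds at least
# one rule, fail when it is empty (the state seen in the post).
ruleset_loaded() {
    n=$(printf '%s\n' "$1" | count_rules)
    [ "$n" -gt 0 ]
}

# check_and_reload: query the live ruleset; if it is empty, flush and
# reload from PF_CONF, enable pf, check again, and log the outcome.
check_and_reload() {
    rules=$("$PFCTL" -s rules 2>/dev/null)
    if ruleset_loaded "$rules"; then
        return 0
    fi
    logger -t pf-check "no pf rules loaded, reloading $PF_CONF"
    "$PFCTL" -F all -f "$PF_CONF"
    "$PFCTL" -e 2>/dev/null || :   # pfctl -e complains if pf is already enabled
    rules=$("$PFCTL" -s rules 2>/dev/null)
    if ruleset_loaded "$rules"; then
        logger -t pf-check "reloaded $PF_CONF: $(printf '%s\n' "$rules" | count_rules) rules active"
        return 0
    fi
    logger -t pf-check "reload of $PF_CONF FAILED, pf ruleset still empty"
    return 1
}

# Only touch pf when invoked as "pf-check run"; the functions above can
# be exercised on sample listings without root or a pf device.
case "${1:-}" in
    run) check_and_reload ;;
esac
```

Installed as /usr/local/sbin/pf-check, it can be called both from ppp.linkup (`!bg /usr/local/sbin/pf-check run`) and from a crontab entry such as `*/5 * * * * /usr/local/sbin/pf-check run`, which is a much coarser net than the five-second reload the mail jokes about while still bounding the exposure window. Because it only reloads when the ruleset is actually empty, it is safe to run often. Note that `pfctl -s rules` lists filter rules only; if the rdr rules are what matter most, extend the check to the `pfctl -s nat` listing as well.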