On a NanoBSD firewall, I want to have a separate MAC address on one of the Ethernet interfaces to act as the outer endpoint for IPv6 traffic. This is achieved using a Netgraph eiface:

```plain /etc/rc.local kldload ng_ether ngctl mkpeer sis0: bridge lower link0 ngctl name sis0:lower sis0bridge ngctl connect sis0: sis0bridge: upper link1 ngctl mkpeer sis0bridge: eiface link2 ether ngctl msg sis0: setpromisc 1 ngctl msg sis0: setautosrc 0

ifconfig ngeth0 link 06:00:00:00:00:06


Note that this does *not* include an ifconfig call to
set the interface's IPv6 address: this is done by
devd, which calls the boot scripts' ifconfig routine
when the interface comes up. Thus I have the following
line in /etc/rc.conf:

```plain /etc/rc.conf
ifconfig_ngeth0_ipv6="inet6 fe80::6/64"

If instead of this line I have an explicit ifconfig in /etc/rc.local then there is a race condition between rc.local and devd. If devd runs last, the boot scripts won’t see any IPv6 address configured for the newly created interface in /etc/rc.conf, and they will set ifdisabled on it (blocking all IPv6 traffic, and marking the configured link local address as “tentative”). If devd runs first, the problem is dormant, because setting the link local address clears ifdisabled as a side effect.