pfsync rc script breaks pfsync on cloned interfaces

Doug Barton dougb at FreeBSD.org
Fri Jun 26 04:17:12 UTC 2009


I have reverted the change that caused pf and ipfw to appear before
netif in the rcorder. While I still feel strongly that it is the
"right thing" to configure the firewalls first, the changes caused too
many problems for too many users, and it's too late in the release
cycle to make a change like this that has significant side effects.

I would like to strongly encourage those who use pf and ipfw to
consider doing the work required to make this change possible. With
ipfw it's not quite as urgent since by default it does not pass
packets till it is configured. This is not the case with pf, as its
default is wide open until it is configured.


Doug

