svn commit: r193198 - head/etc/rc.d

Max Laier max at love2party.net
Mon Jun 1 06:32:41 UTC 2009


On Monday 01 June 2009 07:35:03 Doug Barton wrote:
> Author: dougb
> Date: Mon Jun  1 05:35:03 2009
> New Revision: 193198
> URL: http://svn.freebsd.org/changeset/base/193198
>
> Log:
>   Make the pf and ipfw firewalls start before netif, just like ipfilter
>   already does. This eliminates a logical inconsistency, and a small
>   window where the system is open after the network comes up.

Can you please add a note about this in UPDATING?  It might be a slight
POLA violation for people who rely on the interfaces being configured to
set up the firewall.  For instance, when one doesn't use dynamic address
rules in pf, i.e. "from/to ifX" instead of "from/to (ifX)".

> Modified:
>   head/etc/rc.d/ip6fw
>   head/etc/rc.d/ipfilter
>   head/etc/rc.d/ipfs
>   head/etc/rc.d/ipfw
>   head/etc/rc.d/ipnat
>   head/etc/rc.d/netif
>   head/etc/rc.d/network_ipv6
>   head/etc/rc.d/pf
>   head/etc/rc.d/pflog
>   head/etc/rc.d/pfsync

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
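
An added example, not part of the original message or the FreeBSD tree: a small sh/awk check that lists the pf rules the reply is concerned about, i.e. rules whose from/to address is a bare interface name (translated to addresses once, when the ruleset is loaded) rather than the parenthesised dynamic form. The function name, the sample ruleset and the interface names em0/em1 are constructed for illustration; only simple from/to tokens and single-value macros are examined, not brace lists.

```sh
#!/bin/sh
# usage: pf_static_if_refs <pf.conf> <ifname>...
# Prints "LINE: keyword token" for each from/to address that is a bare
# interface name (directly or through a macro) instead of "(ifname)".
pf_static_if_refs() {
    conf=$1; shift
    awk -v ifs="$*" '
    BEGIN { n = split(ifs, a, " "); for (i = 1; i <= n; i++) isif[a[i]] = 1 }
    { sub(/#.*/, "") }                       # drop comments
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { # macro definition: name = "value"
        split($0, kv, "=")
        gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
        macro[kv[1]] = kv[2]
        next
    }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "from" && $i != "to") continue
            tok = $(i + 1)
            sub(/:.*/, "", tok)              # em1:network -> em1
            if (substr(tok, 1, 1) == "$") tok = macro[substr(tok, 2)]
            if (tok in isif) print NR ": " $i " " $(i + 1)
        }
    }' "$conf"
}

# Constructed sample ruleset (not taken from any real system).
sample_conf() {
cat <<'EOF'
ext_if = "em0"
# from em0 inside a comment is ignored
pass in on em0 proto tcp from any to em0 port 22
pass in on em0 proto tcp from any to (em0) port 80
pass out on $ext_if from $ext_if to any
pass out on $ext_if from ($ext_if) to any
pass in on em1 from em1:network to any
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
pf_static_if_refs "$tmp" em0 em1
rm -f "$tmp"
```
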


