Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Ari Suutari
ari at suutari.iki.fi
Sun Jul 16 20:30:54 UTC 2006

Hi,
Andrew Thompson wrote:
>>
>> 	On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that
>> 	pf is run after netif so if one is using only pf as firewall,
>> 	there is a window between run of "netif" and "pf" where network
>> 	interfaces are up but there is no firewall loaded. Adding
>> 	pf_boot, which runs before "netif" would fix this, wouldn't it ?
> 
> But.. pf runs before any userland daemons are loaded so how does it
> matter if there is a short window between netif and pf if nothing is
> listening?
	I wasn't thinking about the firewall itself, but the network it
	protects. But now I notice that routing is run *after* pf
	so things should be ok ?
	Sorry to be such a pain but I have tried asking about this
	many times but got no good answers (and I got even more worried
	when I noticed that NetBSD had a special boot-time ruleset).
	I guess this is case closed then!
		Ari S.
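
The ordering question raised in this thread can be checked mechanically. The following is an added example, not part of the original message: a shell function that reads `rcorder`-style output and reports which of the named scripts start before the firewall script. The function name `started_before_firewall` and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage on a real system (assumed): rcorder /etc/rc.d/* | started_before_firewall pf netif routing
# Exit status: 0 = none of the watched scripts precede the firewall script,
#              1 = at least one does (names printed, space separated),
#              2 = firewall script not present in the input.
started_before_firewall() {
    fw="$1"; shift
    awk -v fw="$fw" -v watch="$*" '
        BEGIN {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        {
            name = $0
            sub(/.*\//, "", name)              # /etc/rc.d/pf -> pf
            if (name == fw) { seen_fw = 1; exit }   # stop at the firewall script
            if (name in want) early = early (early ? " " : "") name
        }
        END {
            if (!seen_fw) { print "firewall script not found: " fw; exit 2 }
            if (early != "") { print early; exit 1 }
        }
    '
}

# Constructed sample, shaped like rcorder output. It mirrors the order the
# thread describes (netif, then pf, then routing); it is not captured output.
sample_rcorder() {
    printf '%s\n' /etc/rc.d/netif /etc/rc.d/pf /etc/rc.d/routing /etc/rc.d/sshd
}

# Interfaces come up before pf in the sample, so this prints "netif".
sample_rcorder | started_before_firewall pf netif routing || true
```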
    
    
More information about the freebsd-security mailing list