Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.c

Board: FB_security, posted 2006/07/17 04:35
Hi,

Andrew Thompson wrote:
>> On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that
>> pf is run after netif so if one is using only pf as firewall,
>> there is a window between run of "netif" and "pf" where network
>> interfaces are up but there is no firewall loaded. Adding
>> pf_boot, which runs before "netif" would fix this, wouldn't it ?
>
> But.. pf runs before any userland daemons are loaded so how does it
> matter if there is a short window between netif and pf if nothing is
> listening?

I wasn't thinking about firewall itself, but the network it protects.
But now I notice that routing is run *after* pf so things should be ok ?

Sorry to be such a pain but I have tried asking about this many times
but got no good answers (and I got even more worried when I noticed that
NetBSD had special boot-time ruleset).

I guess this is case closed then!

Ari S.
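The ordering question discussed in this message can be checked mechanically. The following is an added example, not part of the original post: a shell function that reads `rcorder` output and lists which of the named scripts start before the firewall script. The function names `before_firewall` and `sample_rcorder` are hypothetical, and the sample order is constructed to mirror the description in the thread, not captured from a real system.

```shell
#!/bin/sh
# Added example: report which rc.d scripts start before the firewall script.
# Input: rcorder output on stdin, one script path per line, in boot order.

# Constructed sample, NOT real FreeBSD 6.1 output; it only mirrors the
# order described in the thread (netif, then pf, then routing).
sample_rcorder() {
    cat <<'EOF'
/etc/rc.d/sysctl
/etc/rc.d/netif
/etc/rc.d/pf
/etc/rc.d/routing
/etc/rc.d/sshd
EOF
}

# before_firewall FIREWALL NAME...
# Prints each NAME that appears earlier in the boot order than FIREWALL.
# Exit status: 0 = none precede it, 1 = at least one does,
#              2 = FIREWALL script not present in the input.
before_firewall() {
    fw=$1; shift
    awk -v fw="$fw" -v names="$*" '
        BEGIN {
            n = split(names, want, " ")
            for (i = 1; i <= n; i++) watch[want[i]] = 1
        }
        {
            name = $0
            sub(/.*\//, "", name)                 # strip the directory part
            if (name == fw) { found = 1; exit }   # stop at the firewall script
            if (name in watch) { print name; early = 1 }
        }
        END {
            if (!found) exit 2
            exit (early ? 1 : 0)
        }
    '
}

# Demonstration on the constructed sample; prints "netif" only, because
# routing comes after pf in that order.
sample_rcorder | before_firewall pf netif routing || true
```

On a FreeBSD host the same check would be `rcorder /etc/rc.d/* | before_firewall pf netif routing`.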