Re: Any ongoing effort to port /etc/rc.d/pf_boot,

Board: FB_security, posted 2006/07/17 06:46
On Sun, Jul 16, 2006 at 11:17:14PM +0300, Ari Suutari wrote:
> Hi,
>
> Daniel Hartmeier wrote:
> >You claimed there was a hole. If you can't explain what it consists of
> >("thing X might get exposed prior to rc.d/pf due to the following
> >sequence of events..."),
>
> On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that
> pf is run after netif so if one is using only pf as firewall,
> there is a window between run of "netif" and "pf" where network
> interfaces are up but there is no firewall loaded. Adding
> pf_boot, which runs before "netif" would fix this, wouldn't it ?

But.. pf runs before any userland daemons are loaded so how does it
matter if there is a short window between netif and pf if nothing is
listening?

Andrew
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #14ki7Q00 (FB_security)
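
Added example, not part of the original thread: a POSIX shell helper that reads the output of the `rcorder /etc/rc.d/*` command mentioned in the message and lists every script ordered after netif up to and including pf, so an administrator can check whether anything that listens on the network starts in that window. The function names `pf_window` and `sample_order` are hypothetical, and the sample ordering is constructed for illustration; it is not real FreeBSD 6.1 output.

```shell
#!/bin/sh
# pf_window [first] [second]
# Reads an rc.d ordering on stdin, one script path per line, in the form
# printed by `rcorder /etc/rc.d/*`. Defaults: first=netif, second=pf.
# Prints the scripts ordered after <first> up to and including <second>.
# Exit status:
#   0  <second> is ordered before <first> (no window)
#   1  <second> is ordered after <first> (window exists, scripts listed)
#   2  one of the two scripts is missing from the input
pf_window() {
    awk -v first="${1:-netif}" -v second="${2:-pf}" '
        {
            # Reduce /etc/rc.d/name to its basename.
            n = split($0, parts, "/")
            name = parts[n]
            order[NR] = name
            if (name == first)  first_at = NR
            if (name == second) second_at = NR
        }
        END {
            if (!first_at || !second_at) exit 2
            if (second_at < first_at) exit 0
            for (i = first_at + 1; i <= second_at; i++) print order[i]
            exit 1
        }'
}

# Constructed sample ordering (assumption, not captured from a real system).
sample_order() {
    cat <<'EOF'
/etc/rc.d/sysctl
/etc/rc.d/netif
/etc/rc.d/hypothetical_svc
/etc/rc.d/pf
/etc/rc.d/sshd
EOF
}

# Demonstration on the constructed sample; on a live system use:
#   rcorder /etc/rc.d/* | pf_window
sample_order | pf_window || true
```

Every name printed before the final `pf` line is a script that starts while interfaces are up and no ruleset is loaded; whether that matters depends on whether any of them accepts network traffic.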