From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Date: Tue, 26 Jul 2022 15:00:00 GMT
Message-Id: <202207261500.26QF00Hu052071@gitrepo.freebsd.org>
Subject: git: ca80dd4ed384 - stable/12 - [pf] /etc/rc.d/pf should REQUIRE routing
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: 0mp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: ca80dd4ed3845c0d783e772bf906911b4c23fdc3

The branch stable/12 has been updated by 0mp (doc, ports committer):

URL:
https://cgit.FreeBSD.org/src/commit/?id=ca80dd4ed3845c0d783e772bf906911b4c23fdc3

commit ca80dd4ed3845c0d783e772bf906911b4c23fdc3
Author:     Pawel Biernacki
AuthorDate: 2020-10-08 11:45:10 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2022-07-26 14:58:47 +0000

    [pf] /etc/rc.d/pf should REQUIRE routing

    When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in
    /etc/pf.conf, these hostnames cannot be resolved via external nameservers
    because the default route is not yet set. This results in an empty
    (all open) ruleset.

    Since r195026 already put netif back to REQUIRE, this change does not
    affect the issue that the firewall should rather have been setup before
    any network traffic can occur.

    PR:             211928
    Submitted by:   Robert Schulze
    Reported by:    Robert Schulze
    Tested by:      Mateusz Kwiatkowski
    No objections from:     kp
    MFC after:      3 days

    (cherry picked from commit 9ef917591248e35efea846d0d743b74503387099)

    Approved by:    kp

--- libexec/rc/rc.d/pf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf index 57de19218fcf..1f7394007667 100755 --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -4,8 +4,7 @@ # # PROVIDE: pf -# REQUIRE: FILESYSTEMS netif pflog pfsync -# BEFORE: routing +# REQUIRE: FILESYSTEMS netif pflog pfsync routing # KEYWORD: nojailvnet . /etc/rc.subr
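
Review bot: The new "# REQUIRE: FILESYSTEMS netif pflog pfsync routing" line carries no explanation in the script header, and removing "# BEFORE: routing" in the same hunk reverses the ordering: pf now loads after routes are configured rather than before. Suggest a short comment above the REQUIRE line stating that routing is required so hostnames in /etc/pf.conf can be resolved when the ruleset is loaded, so a later cleanup does not restore the old order. The reordering also leaves the fail-open outcome described in the commit message in place: if resolution still fails once routing is up, the result is the same empty (all open) ruleset, so it is worth recording in PR 211928 that rulesets using address literals do not depend on this ordering and that a failed load should not leave the host unfiltered.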