Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD?
Ari Suutari
ari at suutari.iki.fi
Fri Jul 14 15:44:36 UTC 2006
Hi,
Vlad GALU wrote:
> On 7/14/06, Ari Suutari <ari at suutari.iki.fi> wrote:
>> Hi,
>>
>> Does anyone know if there are any plans to bring
>> pf boot-time protection (i.e. /etc/rc.d/pf_boot and
>> related config files) from NetBSD to FreeBSD?
>>
>> This would close a small (but, as far as I understand, existing)
>> window during boot where the firewall is fully open (if using only
>> pf).
>>
>
> See the mac_ifoff(4) manpage. You can disable your interfaces until
> the system is fully booted.

How well would this work? I think that the idea of pf_boot
is to disable incoming traffic, but allow certain outgoing
traffic like DNS. If DNS doesn't work during startup (I don't
really know about mac_ifoff yet) it will cause problems; for
example, sendmail startup might hang for a while.

Ari S.