Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Andrew Thompson
thompsa at freebsd.org
Sun Jul 16 20:22:56 UTC 2006
On Sun, Jul 16, 2006 at 11:17:14PM +0300, Ari Suutari wrote:
> Hi,
>
>
> Daniel Hartmeier wrote:
> >You claimed there was a hole. If you can't explain what it consists of
> >("thing X might get exposed prior to rc.d/pf due to the following
> >sequence of events..."),
>
>
> On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that
> pf is run after netif so if one is using only pf as firewall,
> there is a window between run of "netif" and "pf" where network
> interfaces are up but there is no firewall loaded. Adding
> pf_boot, which runs before "netif", would fix this, wouldn't it ?
But.. pf runs before any userland daemons are loaded so how does it
matter if there is a short window between netif and pf if nothing is
listening?
Andrew
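The check Ari describes (run rcorder and see where pf lands relative to netif), as an added example that is not part of the original thread: a small POSIX sh function that reads an rcorder-style listing on stdin and prints the scripts that run after one script and before another, so one can see exactly what executes in the window with interfaces up and no ruleset loaded. On a FreeBSD system the real input is `rcorder /etc/rc.d/* | window_between netif pf`; the listing embedded below is constructed for an offline run and is not a real FreeBSD 6.1 ordering.

```shell
#!/bin/sh
# Added example; not code from the freebsd-pf thread or from FreeBSD itself.
#
# window_between A B: read an rcorder-style listing (one script path per
# line) on stdin and print the basenames of the scripts that run after A
# and before B. Exit status: 0 if A precedes B (the window exists, possibly
# empty), 1 if B runs before A (no window), 2 if either script is missing.
window_between() {
    awk -v a="$1" -v b="$2" '
        {
            n = split($0, parts, "/")   # keep only the script basename
            name = parts[n]
            order[NR] = name
        }
        name == a { ia = NR }
        name == b { ib = NR }
        END {
            if (!ia || !ib) exit 2
            if (ib < ia)    exit 1
            for (i = ia + 1; i < ib; i++) print order[i]
            exit 0
        }'
}

# Constructed sample listing standing in for the output of
# "rcorder /etc/rc.d/*"; the order is illustrative only.
SAMPLE_RCORDER='/etc/rc.d/hostid
/etc/rc.d/ipfilter
/etc/rc.d/netif
/etc/rc.d/devd
/etc/rc.d/pf
/etc/rc.d/pflog
/etc/rc.d/sshd'

# Stand-alone demo: what runs between netif and pf in the sample.
echo "Scripts that run with interfaces up and no pf ruleset (sample):"
printf '%s\n' "$SAMPLE_RCORDER" | window_between netif pf
```

Whatever the function lists is what a reviewer of Andrew's argument has to examine: if none of those scripts starts a daemon that binds a socket, the window is harmless in the sense he describes; if one does, the window is real. The exit codes let the check be scripted, for example to fail a build of a firewall image when pf is not ordered before the first network daemon.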