rc.order wrong (ipfw)
JoaoBR
joao at matik.com.br
Fri Mar 16 23:32:27 UTC 2007
On Friday 16 March 2007 18:50, Jeremy Chadwick wrote:
> On Fri, Mar 16, 2007 at 06:00:30PM -0300, JoaoBR wrote:
> > man, starting ipfw after network does not mean that the network is not up
>
> Okay, imagine this order:
>
> 1) Kernel starts
> 2) Network driver is loaded
> 3) Link is brought up
> 4) Interface is configured for IP (manually or via DHCP)
> 5) Firewall rules (ipfw or pf) are applied
>
> Do you realise that between steps #4 and steps #5 there is a small
> window of time where someone may be able to send packets to your machine
> and get responses which would normally be blocked by ipfw/pf?
No, no, that is not exactly how it works.
Unless you change ipfw's default behaviour, which is deny all from any to any,
nothing goes to this machine, because by default everything is blocked until
you permit it.
--
João
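
The two positions in this exchange, modelled as an added example that is not part of the original post. It orders constructed rc.d-style headers by their PROVIDE/REQUIRE/BEFORE tags and reports whether the interface is configured before the firewall rules load while the default policy is accept. The script headers, function names and the `default_accept` parameter are assumptions made for illustration, not FreeBSD's shipped scripts.

```python
import re
from graphlib import TopologicalSorter

# Constructed rc.d-style headers (assumption: NOT copied from /etc/rc.d).
LATE_FW = {   # firewall rules load after the interface is configured
    "netif": "# PROVIDE: netif\n",
    "ipfw": "# PROVIDE: ipfw\n# REQUIRE: netif\n",
}
EARLY_FW = {  # firewall rules load before the interface is configured
    "netif": "# PROVIDE: netif\n",
    "ipfw": "# PROVIDE: ipfw\n# BEFORE: netif\n",
}

TAG = re.compile(r"^# (PROVIDE|REQUIRE|BEFORE):(.*)$", re.M)


def boot_order(scripts):
    """Return script names in an order that satisfies every tag."""
    tags = {name: {k: v.split() for k, v in TAG.findall(text)}
            for name, text in scripts.items()}
    # Map each provided service name to the script that provides it.
    provider = {svc: name for name, t in tags.items()
                for svc in t.get("PROVIDE", [])}
    ts = TopologicalSorter()
    for name, t in tags.items():
        ts.add(name)
        for svc in t.get("REQUIRE", []):   # name runs after its requirements
            ts.add(name, provider[svc])
        for svc in t.get("BEFORE", []):    # name runs before these services
            ts.add(provider[svc], name)
    return list(ts.static_order())


def exposure_window(scripts, default_accept=False, net="netif", fw="ipfw"):
    """True if traffic can pass unfiltered between interface setup and
    rule load: needs both a late firewall and a default-accept policy."""
    order = boot_order(scripts)
    return default_accept and order.index(net) < order.index(fw)


if __name__ == "__main__":
    for label, scripts in (("late", LATE_FW), ("early", EARLY_FW)):
        for accept in (False, True):
            print(label, "default_accept=%s" % accept,
                  boot_order(scripts), exposure_window(scripts, accept))
```

The model is a simplification: it treats the default policy as the only filter in effect until the rules script has run.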