Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?

---

• From: Ari Suutari <ari@xxxxxxxxxxxxxx>
• Date: Sun, 16 Jul 2006 23:28:33 +0300

---

Hi,


Andrew Thompson wrote:

On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that
pf is run after netif so if one is using only pf as firewall,
there is a window between run of "netif" and "pf" where network
interfaces are up but there is no firewall loaded. Adding
pf_boot, which runs before "netif" would fix this, woudn't it ?

But.. pf runs before any userland daemons are loaded so how does it
matter if there is a short window between netif and pf if nothing is
listening?

I wasn't thinking about firewall itself, but the network it
protects. But now I notice that routing is run *after* pf
so things should be ok ?

Sorry to be such a pain but I have tried asking about this
many times but got no good answers (and I got even more worried
when I noticed that NetBSD had special boot-time ruleset).

I guess this is case closed then!

Ari S.


_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

---

• References:
  • Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
    • From: Ari Suutari
  • Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
    • From: Daniel Hartmeier
  • Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
    • From: Ari Suutari
  • Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
    • From: Daniel Hartmeier
  • Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
    • From: Ari Suutari
  • Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
    • From: Andrew Thompson

• Prev by Date: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
• Next by Date: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
• Previous by thread: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
• Next by thread: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ? ... pf_boot, which runs before "netif" would fix this, woudn't it? ... but after the network interfaces, which are detected some lines early. ... Do You Yahoo!? ... Mail has the best spam protection around ... (FreeBSD-Security) RE: HEADSUP: OpenBSD dhclient incoming ... > network_interfaces or removable interfaces. ... available when netif is run at boot. ... accepted tool for performing such tasks, but rcordering puts devd after ... (freebsd-current)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2006-07