Displaying 2 results from an estimated 2 matches for "pf_boot".
2006 Jul 14
1
Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
...to recipient list as I consider
this issue a security risk]
Paul Schenkeveld wrote:
> Hello,
>
> On Fri, Jul 14, 2006 at 01:26:38PM +0300, Ari Suutari wrote:
>> Hi,
>>
>> Does anyone know if there are any plans to bring
>> pf boot-time protection (ie. /etc/rc.d/pf_boot and
>> related config files) from NetBSD to FreeBSD ?
>>
>> This would close small (but as far as I understand existing)
>> window during boot where firewall is fully open (if using only
>> pf).
>
> I'd prefer to have PF_DEFAULT_BLOCK analogous to IPFILTER_D...
2007 Jun 13
0
pf does not use IPv6 interface addresses at startups
...netif pflog pfsync
+# REQUIRE: root FILESYSTEMS netif pflog pfsync network_ipv6
# BEFORE: routing
# KEYWORD: nojail
2.
However to protect services during boot I recommend adding pfboot in
/etc/rc.d.
See /etc/rc.d/pfboot reference at NetBSD
http://cvsweb.netbsd.org/bsdweb.cgi/src/etc/rc.d/pf_boot
and
/etc/pf.boot.conf also at NetBSD
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/pf/etc/defaults/pf.boot.conf?rev=1.2&content-type=text/x-cvsweb-markup