Date: Tue, 26 Jul 2022 15:00:00 GMT From: Mateusz Piotrowski <0mp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: ca80dd4ed384 - stable/12 - [pf] /etc/rc.d/pf should REQUIRE routing Message-ID: <202207261500.26QF00Hu052071@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/12 has been updated by 0mp (doc, ports committer): URL: https://cgit.FreeBSD.org/src/commit/?id=ca80dd4ed3845c0d783e772bf906911b4c23fdc3 commit ca80dd4ed3845c0d783e772bf906911b4c23fdc3 Author: Pawel Biernacki <kaktus@FreeBSD.org> AuthorDate: 2020-10-08 11:45:10 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2022-07-26 14:58:47 +0000 [pf] /etc/rc.d/pf should REQUIRE routing When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in /etc/pf.conf, these hostnames cannot be resolved via external nameservers because the default route is not yet set. This results in an empty (all open) ruleset. Since r195026 already put netif back to REQUIRE, this change does not affect the issue that the firewall should rather have been setup before any network traffic can occur. PR: 211928 Submitted by: Robert Schulze Reported by: Robert Schulze Tested by: Mateusz Kwiatkowski No objections from: kp MFC after: 3 days (cherry picked from commit 9ef917591248e35efea846d0d743b74503387099) Approved by: kp --- libexec/rc/rc.d/pf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf index 57de19218fcf..1f7394007667 100755 --- a/libexec/rc/rc.d/pf +++ b/libexec/rc/rc.d/pf @@ -4,8 +4,7 @@ # # PROVIDE: pf -# REQUIRE: FILESYSTEMS netif pflog pfsync -# BEFORE: routing +# REQUIRE: FILESYSTEMS netif pflog pfsync routing # KEYWORD: nojailvnet . /etc/rc.subr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202207261500.26QF00Hu052071>