Date: Thu, 25 Jun 2009 21:17:06 -0700 From: Doug Barton <dougb@FreeBSD.org> To: Ian Freislich <ianf@clue.co.za> Cc: current@freebsd.org Subject: Re: pfsync rc script breaks pfsync on cloned interfaces Message-ID: <4A444BC2.4010606@FreeBSD.org> In-Reply-To: <E1MJoX9-000F3V-6z@clue.co.za> References: <E1MJoX9-000F3V-6z@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
I have reverted the change that caused pf and ipfw to appear before netif in the rcorder. While I still feel strongly that it is the "right thing" to configure the firewalls first, the changes caused too many problems for too many users, and it's too late in the release cycle to make a change like this that has significant side effects. I would like to strongly encourage those who use pf and ipfw to consider doing the work required to make this change possible. With ipfw it's not quite as urgent since by default it does not pass packets till it is configured. This is not the case with pf, as its default is wide open until it is configured. Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A444BC2.4010606>