Date: Fri, 14 Jul 2006 13:50:56 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Ari Suutari <ari@suutari.iki.fi> Cc: freebsd-pf@freebsd.org Subject: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ? Message-ID: <20060714115055.GD1111@zaphod.nitro.dk> In-Reply-To: <44B7715E.8050906@suutari.iki.fi> References: <44B7715E.8050906@suutari.iki.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
--yLVHuoLXiP9kZBkt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2006.07.14 13:26:38 +0300, Ari Suutari wrote: > Does anyone know if there are any plans to bring > pf boot-time protection (ie. /etc/rc.d/pf_boot and > related config files) from NetBSD to FreeBSD ? >=20 > This would close small (but as far as I understand existing) > window during boot where firewall is fully open (if using only > pf). I would really like to see this problem fixed. I have looked at it before, just not gotten around to doing something about it. Without having looked more closely at this pf_boot support from NetBSD it seems like a fine way to deal with the problem. mac_ifoff(4) might be a way to solve this problem, but it seems a bit overkill to require MAC to handle this. --=20 Simon L. Nielsen --yLVHuoLXiP9kZBkt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (FreeBSD) iD8DBQFEt4Ufh9pcDSc1mlERAuOCAKCddVph3UBBpuzvrXvXc9CvZGPsTgCeK2S2 Vb5QlL9t26ZI3LH3Ktn8Ceo= =RbUi -----END PGP SIGNATURE----- --yLVHuoLXiP9kZBkt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060714115055.GD1111>