Date: Fri, 14 Jul 2006 17:47:29 +0200
From: Paul Schenkeveld <fb-pf@psconsult.nl>
To: freebsd-pf@freebsd.org
Subject: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Message-ID: <20060714154729.GA8616@psconsult.nl>
In-Reply-To: <44B7715E.8050906@suutari.iki.fi>
References: <44B7715E.8050906@suutari.iki.fi>
Hello,

On Fri, Jul 14, 2006 at 01:26:38PM +0300, Ari Suutari wrote:
> Hi,
>
> Does anyone know if there are any plans to bring
> pf boot-time protection (ie. /etc/rc.d/pf_boot and
> related config files) from NetBSD to FreeBSD ?
>
> This would close small (but as far as I understand existing)
> window during boot where firewall is fully open (if using only
> pf).

I'd prefer to have PF_DEFAULT_BLOCK analogous to IPFILTER_DEFAULT_BLOCK
instead of some magic script closing the hole between driver init and
configuration.

Always wondered how the OpenBSD -security minded- people have come up
with a packet filter that's open by default. Or am I missing the point
here?

Regards,

Paul Schenkeveld