Date: Tue, 30 Jun 2009 17:07:48 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Robert Watson <rwatson@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, Doug Barton <dougb@FreeBSD.org>, src-committers@freebsd.org Subject: Re: svn commit: r195026 - head/etc/rc.d Message-ID: <861vp1220r.fsf@ds4.des.no> In-Reply-To: <alpine.BSF.2.00.0906260942440.34758@fledge.watson.org> (Robert Watson's message of "Fri, 26 Jun 2009 09:43:26 %2B0100 (BST)") References: <200906260104.n5Q14pRu070043@svn.freebsd.org> <alpine.BSF.2.00.0906260942440.34758@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson <rwatson@FreeBSD.org> writes: > This sounds right to me, FWIW -- being able to fully configure the > policy before network traffic starts is definitely right in the > abstract, it's just a question of getting there... One option would be to start pf with a pre-cooked rule set that allows only DHCP and nd6 / rtsol or similar, then load the user-provided rule set once all interfaces are up. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?861vp1220r.fsf>