Date: Thu, 8 Oct 2020 11:45:11 +0000 (UTC) From: Pawel Biernacki <kaktus@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r366537 - head/libexec/rc/rc.d Message-ID: <202010081145.098BjBun018733@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kaktus Date: Thu Oct 8 11:45:10 2020 New Revision: 366537 URL: https://svnweb.freebsd.org/changeset/base/366537 Log: [pf] /etc/rc.d/pf should REQUIRE routing When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in /etc/pf.conf, these hostnames cannot be resolved via external nameservers because the default route is not yet set. This results in an empty (all open) ruleset. Since r195026 already put netif back to REQUIRE, this change does not affect the issue that the firewall should rather have been setup before any network traffic can occur. PR: 211928 Submitted by: Robert Schulze Reported by: Robert Schulze Tested by: Mateusz Kwiatkowski No objections from: kp MFC after: 3 days Modified: head/libexec/rc/rc.d/pf Modified: head/libexec/rc/rc.d/pf ============================================================================== --- head/libexec/rc/rc.d/pf Thu Oct 8 11:30:22 2020 (r366536) +++ head/libexec/rc/rc.d/pf Thu Oct 8 11:45:10 2020 (r366537) @@ -4,8 +4,7 @@ # # PROVIDE: pf -# REQUIRE: FILESYSTEMS netif pflog pfsync -# BEFORE: routing +# REQUIRE: FILESYSTEMS netif pflog pfsync routing # KEYWORD: nojailvnet . /etc/rc.subr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010081145.098BjBun018733>