Date:      Fri, 16 Mar 2007 14:50:17 -0700
From:      Jeremy Chadwick <koitsu@FreeBSD.org>
To:        JoaoBR <joao@matik.com.br>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: rc.order wrong (ipfw)
Message-ID:  <20070316215017.GA38114@icarus.home.lan>
In-Reply-To: <200703161800.30583.joao@matik.com.br>
References:  <200703161152.l2GBqR9q065684@lurza.secnetix.de> <200703160932.16080.joao@matik.com.br> <45FA9E5C.1060404@pp.nic.fi> <200703161800.30583.joao@matik.com.br>

On Fri, Mar 16, 2007 at 06:00:30PM -0300, JoaoBR wrote:
> man, starting ipfw after network does not mean that the network is not up

Okay, imagine this order:

1) Kernel starts
2) Network driver is loaded
3) Link is brought up
4) Interface is configured for IP (manually or via DHCP)
5) Firewall rules (ipfw or pf) are applied

Do you realise that between steps #4 and #5 there is a small
window of time where someone may be able to send packets to your machine
and get responses which would normally be blocked by ipfw/pf?

-- 
| Jeremy Chadwick                                    jdc at parodius.com |
| Parodius Networking                           http://www.parodius.com/ |
| UNIX Systems Administrator                      Mountain View, CA, USA |
| Making life hard for others since 1977.                  PGP: 4BD6C0CB |
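
Added example, not part of the original message: a shell function that reads a boot order, one rc script path per line in the shape rcorder(8) prints, and lists the scripts that start between interface configuration and the firewall, which is the window described above. The script names `netif` and `ipfw` as arguments and both sample orders are assumptions constructed for the illustration.

```shell
#!/bin/sh
# window_scripts NET FW
#   stdin : boot order, one script path per line
#   stdout: scripts that start after NET and before FW (the unfiltered window)
#   status: 0 = FW runs before NET (no window)
#           1 = FW runs after NET (window exists)
#           2 = NET or FW is missing from the order
window_scripts() {
    awk -v net="$1" -v fw="$2" '
        {
            n = split($0, p, "/")          # keep only the basename
            name = p[n]
            order[NR] = name
            if (name == net) net_at = NR
            if (name == fw)  fw_at  = NR
        }
        END {
            if (!net_at || !fw_at) exit 2
            if (fw_at < net_at)    exit 0
            for (i = net_at + 1; i < fw_at; i++) print order[i]
            exit 1
        }'
}

# Constructed sample orders (not taken from a real system).
ORDER_LATE='/etc/rc.d/hostname
/etc/rc.d/netif
/etc/rc.d/routing
/etc/rc.d/sshd
/etc/rc.d/ipfw'

ORDER_EARLY='/etc/rc.d/hostname
/etc/rc.d/ipfw
/etc/rc.d/netif
/etc/rc.d/routing
/etc/rc.d/sshd'

# Firewall last: prints the scripts inside the window, then the status.
printf '%s\n' "$ORDER_LATE" | window_scripts netif ipfw || echo "status: $?"

# Firewall first: prints nothing and returns 0.
printf '%s\n' "$ORDER_EARLY" | window_scripts netif ipfw && echo "no window"
```

On a FreeBSD host the same function can be fed the live order with `rcorder /etc/rc.d/* | window_scripts netif ipfw`.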



