Date: Fri, 16 Mar 2007 20:33:01 -0300
From: JoaoBR <joao@matik.com.br>
To: freebsd-stable@freebsd.org
Subject: Re: rc.order wrong (ipfw)
Message-ID: <200703162033.01586.joao@matik.com.br>
In-Reply-To: <20070316215017.GA38114@icarus.home.lan>
References: <200703161152.l2GBqR9q065684@lurza.secnetix.de> <200703161800.30583.joao@matik.com.br> <20070316215017.GA38114@icarus.home.lan>

On Friday 16 March 2007 18:50, Jeremy Chadwick wrote:
> On Fri, Mar 16, 2007 at 06:00:30PM -0300, JoaoBR wrote:
> > man, starting ipfw after network does not mean that the network is not up
>
> Okay, imagine this order:
>
> 1) Kernel starts
> 2) Network driver is loaded
> 3) Link is brought up
> 4) Interface is configured for IP (manually or via DHCP)
> 5) Firewall rules (ipfw or pf) are applied
>
> Do you realise that between steps #4 and steps #5 there is a small
> window of time where someone may be able to send packets to your machine
> and get responses which would normally be blocked by ipfw/pf?

nono that is not exactly how it works

unless you change ipfw's default behaviour which is deny all from any to any,
nothing goes to this machine because by default everything is blocked until
you permit it

-- 
João

This message was scanned by the e-mail system and can be considered safe.
Service provided by Datacenter Matik https://datacenter.matik.com.br
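
Both conditions raised in this exchange can be checked on a host: the window between interface configuration and rule loading matters only if the rules load after `netif` and the default rule (65535) accepts. The script below is an added example, not part of the original message; its function names and sample inputs are constructed, and it assumes ipfw is already in the kernel when interfaces come up (a firewall loaded later as a module filters nothing before it is loaded).

```shell
#!/bin/sh
# Added example. Sample inputs are constructed, in the formats printed by
# `rcorder /etc/rc.d/*` and `ipfw list`. On a real host:
#   boot_window "$(rcorder /etc/rc.d/* 2>/dev/null)" "$(ipfw list)"

# Print the 1-based position of rc script $1 in rcorder output on stdin (0 = absent).
rc_position() {
    awk -v name="$1" '
        { n = split($0, p, "/"); if (p[n] == name && !pos) pos = NR }
        END { print pos + 0 }'
}

# Print the action of the default rule (65535) from `ipfw list` output on stdin.
default_action() {
    awk '$1 == "65535" { act = $2 } END { print (act == "" ? "unknown" : act) }'
}

# boot_window RCORDER_TEXT IPFW_LIST_TEXT -> one word on stdout:
#   closed-by-order    ipfw rules load before interfaces are configured
#   closed-by-default  rules load later, but rule 65535 denies in the meantime
#   open               rules load later and rule 65535 accepts in the meantime
#   unknown            an input could not be interpreted
boot_window() {
    netif=$(printf '%s\n' "$1" | rc_position netif)
    ipfw=$(printf '%s\n' "$1" | rc_position ipfw)
    action=$(printf '%s\n' "$2" | default_action)
    if [ "$netif" -eq 0 ] || [ "$ipfw" -eq 0 ]; then echo unknown; return 0; fi
    if [ "$ipfw" -lt "$netif" ]; then echo closed-by-order; return 0; fi
    case $action in
        deny)  echo closed-by-default ;;
        allow) echo open ;;
        *)     echo unknown ;;
    esac
}

# Constructed samples: two rc orderings and two default rules.
RC_NET_FIRST='/etc/rc.d/netif
/etc/rc.d/routing
/etc/rc.d/ipfw'
RC_FW_FIRST='/etc/rc.d/ipfw
/etc/rc.d/netif
/etc/rc.d/routing'
LIST_DENY='00100 allow ip from any to any via lo0
65535 deny ip from any to any'
LIST_ALLOW='65535 allow ip from any to any'

echo "netif first, default deny:  $(boot_window "$RC_NET_FIRST" "$LIST_DENY")"
echo "netif first, default allow: $(boot_window "$RC_NET_FIRST" "$LIST_ALLOW")"
echo "ipfw first,  default allow: $(boot_window "$RC_FW_FIRST" "$LIST_ALLOW")"
```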