Date: Fri, 14 Jul 2006 18:44:29 +0300
From: Ari Suutari <ari@suutari.iki.fi>
To: Vlad GALU <vladgalu@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Message-ID: <44B7BBDD.8080302@suutari.iki.fi>
In-Reply-To: <79722fad0607140413i10a2f5d9pfa0cc4b757e928a8@mail.gmail.com>
References: <44B7715E.8050906@suutari.iki.fi> <79722fad0607140413i10a2f5d9pfa0cc4b757e928a8@mail.gmail.com>
Hi,

Vlad GALU wrote:
> On 7/14/06, Ari Suutari <ari@suutari.iki.fi> wrote:
>> Hi,
>>
>> Does anyone know if there are any plans to bring
>> pf boot-time protection (ie. /etc/rc.d/pf_boot and
>> related config files) from NetBSD to FreeBSD ?
>>
>> This would close small (but as far as I understand existing)
>> window during boot where firewall is fully open (if using only
>> pf).
>>
>
> See the mac_ifoff(4) manpage. You can disable your interfaces until
> the system is fully booted.

How well would this work ? I think that idea of pf_boot
is to disable incoming traffic, but allow certain outgoing traffic
like dns. If dns doesn't work during startup (don't really
know about mac_ifoff yet) it will cause problems, for example
sendmail startup might hang for a while.

    Ari S.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44B7BBDD.8080302>