From owner-freebsd-net@FreeBSD.ORG Sun Aug 26 05:12:54 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8F04B16A418 for ; Sun, 26 Aug 2007 05:12:54 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx22.fluidhosting.com [204.14.89.5]) by mx1.freebsd.org (Postfix) with SMTP id 375D013C459 for ; Sun, 26 Aug 2007 05:12:54 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 19663 invoked by uid 399); 26 Aug 2007 04:46:13 -0000 Received: from localhost (HELO slave.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 26 Aug 2007 04:46:13 -0000 X-Originating-IP: 127.0.0.1 Date: Sat, 25 Aug 2007 21:46:11 -0700 (PDT) From: Doug Barton To: Henri Hennebert In-Reply-To: <46CD8CD3.9090109@restart.be> Message-ID: References: <46CD8CD3.9090109@restart.be> X-message-flag: Outlook -- Not just for spreading viruses anymore! X-OpenPGP-Key-ID: 0xD5B2F0FB Organization: http://www.FreeBSD.org/ MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=us-ascii Cc: freebsd-net@freebsd.org Subject: Re: Wrong order in rc.d (pf and ipv6) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Aug 2007 05:12:54 -0000 On Thu, 23 Aug 2007, Henri Hennebert wrote: > Hello, > > I notice that after a reboot, my pf rules don't take the ipv6 address > (managed with ipv6_ifconfig_rl0="2001:...:1") into account. > > rcorder /etc/rc.d/* show that pf is started before network_ipv6, is it > normal? The consensus was that all firewalls should be started before all interfaces. That way a system will come up protected with no window of vulnerability. That said, I'm glad someone was able to help you fix your stuff. :) Doug -- This .signature sanitized for your protection