From: "Dan Langille"
To: "Kian Mohageri"
Cc: freebsd-rc@freebsd.org, freebsd-pf@freebsd.org
Date: Wed, 14 Feb 2007 07:47:50 -0500
Subject: Re: pf starts, but no rules
Message-ID: <45D2BEA7.12150.2D35AEAB@dan.langille.org>
List-Id: "Discussion related to /etc/rc.d design and implementation."

On 13 Feb 2007 at 21:37, Kian Mohageri wrote:

> On 2/13/07, Max Laier wrote:
> >
> > Does anyone have time to get something like this going for FreeBSD as
> > well?
> >
>
> I tested out some solutions. I'm not sure if this is what you guys were
> looking to do, but NetBSD's solution seems fine. I'm not thrilled about
> using another rc-script to solve this issue, but I couldn't think of a
> simpler/more elegant solution.
>
> Diff is against CURRENT, and I don't currently have any boxes running
> CURRENT, but I tested it as much as I could. I'll get a box up to CURRENT
> later to test other patches.
>
> I couldn't decide what to pass in this initial ruleset. Passing SSH seems
> safe/smart, but surely not everyone will agree.

So long as the initial ruleset can be specified in the config, I see no
problem. For example:

pf_rules_initial="/etc/pf_intial.rules"

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
PGCon - The PostgreSQL Conference - http://www.pgcon.org/
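
The idea discussed in this thread (a configurable initial ruleset, with a safe default when none is usable), sketched as an added example that is not part of the original message or of the patch it refers to. `pf_rules_initial` is the knob proposed above; the function names, the `PFCTL` override and the built-in default rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the patch from this thread.
# pf_rules_initial is the rc.conf knob proposed in the message above;
# the function names and the PFCTL override are hypothetical.

# Built-in fallback: default deny, loopback, inbound SSH only.
default_initial_rules() {
    cat <<'EOF'
block all
pass on lo0 all
pass in proto tcp from any to any port 22 keep state
EOF
}

# Print the ruleset to load before interfaces come up.
# A configured file is used only if it is a readable, non-empty regular
# file; anything else falls back to the built-in rules, so a typo in the
# path never leaves pf enabled with an empty ruleset.
select_initial_rules() {
    file=${pf_rules_initial:-}
    if [ -n "$file" ] && [ -f "$file" ] && [ -r "$file" ] && [ -s "$file" ]; then
        cat "$file"
        return 0
    fi
    if [ -n "$file" ]; then
        echo "pf: cannot use '$file', loading built-in initial rules" >&2
    fi
    default_initial_rules
}

# Feed the selected rules to pfctl on stdin (needs root and a pf-enabled kernel).
load_initial_rules() {
    select_initial_rules | ${PFCTL:-pfctl} -f -
}

# Only touch the packet filter when asked to: sh pf_initial.sh load
if [ "${1:-}" = "load" ]; then
    load_initial_rules
fi
```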