From: JoaoBR
Organization: Infomatik
To: freebsd-stable@freebsd.org
Date: Fri, 16 Mar 2007 20:33:01 -0300
Subject: Re: rc.order wrong (ipfw)

On Friday 16 March 2007 18:50, Jeremy Chadwick wrote:
> On Fri, Mar 16, 2007 at 06:00:30PM -0300, JoaoBR wrote:
> > man, starting ipfw after network does not mean that the network is not up
>
> Okay, imagine this order:
>
> 1) Kernel starts
> 2) Network driver is loaded
> 3) Link is brought up
> 4) Interface is configured for IP (manually or via DHCP)
> 5) Firewall rules (ipfw or pf) are applied
>
> Do you realise that between steps #4 and steps #5 there is a small
> window of time where someone may be able to send packets to your machine
> and get responses which would normally be blocked by ipfw/pf?

nono that is not exactly how it works

unless you change ipfw's default behaviour which is deny all from any to any,
nothing goes to this machine because by default everything is blocked until
you permit it

--
João
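
The two positions in this exchange can be checked against a host's own data. The following is an added example, not part of the original message: it reads an `rcorder`-style listing and `ipfw list` output and reports whether the window between steps 4 and 5 is open. The function names and sample listings are constructed for illustration, and the third argument is an assumption the operator supplies: whether ipfw is already in the kernel when interfaces come up, since rule 65535 only exists once ipfw is present.

```shell
#!/bin/sh
# Constructed samples: script order as `rcorder` would print it.
RC_ORDER_LATE='/etc/rc.d/netif
/etc/rc.d/ipfw
/etc/rc.d/routing'
RC_ORDER_EARLY='/etc/rc.d/ipfw
/etc/rc.d/netif
/etc/rc.d/routing'
# Constructed samples: `ipfw list` output ending in the default rule 65535.
RULES_DENY='00100 allow ip from any to any via lo0
65535 deny ip from any to any'
RULES_ALLOW='00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# Print the action of the default rule 65535, or "unknown" if it is absent.
default_action() {
    printf '%s\n' "$1" |
        awk '$1 == "65535" { a = $2 } END { print ((a == "") ? "unknown" : a) }'
}

# Print "yes" if script $2 is listed before script $3 in rcorder listing $1.
runs_before() {
    printf '%s\n' "$1" | awk -v a="$2" -v b="$3" '
        { n = $0; sub(/.*\//, "", n) }      # strip the directory part
        n == a && !pa { pa = NR }
        n == b && !pb { pb = NR }
        END { print ((pa && pb && pa < pb) ? "yes" : "no") }'
}

# boot_window <rcorder listing> <ipfw list output> <ipfw in kernel: yes|no>
boot_window() {
    if [ "$(runs_before "$1" ipfw netif)" = yes ]; then
        echo "closed: ordering"        # rules load before step 4
    elif [ "$3" = yes ] && [ "$(default_action "$2")" = deny ]; then
        echo "closed: default deny"    # rule 65535 blocks until step 5
    else
        echo "open"                    # interface answers before any rule applies
    fi
}

# Walk the four scenarios using the constructed samples.
boot_window "$RC_ORDER_LATE"  "$RULES_DENY"  yes
boot_window "$RC_ORDER_LATE"  "$RULES_ALLOW" yes
boot_window "$RC_ORDER_LATE"  "$RULES_DENY"  no
boot_window "$RC_ORDER_EARLY" "$RULES_ALLOW" yes
```

On a live system the first two arguments would come from `rcorder /etc/rc.d/*` and `ipfw list` instead of the constructed variables.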