Date:      Sun, 16 Jul 2006 16:54:10 -0400
From:      Gary Palmer <gpalmer@freebsd.org>
To:        freebsd-security@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Message-ID:  <20060716205410.GB6444@in-addr.com>
In-Reply-To: <20060716202253.GF29207@heff.fud.org.nz>
References:  <44B7715E.8050906@suutari.iki.fi> <20060714154729.GA8616@psconsult.nl> <44B7D8B8.3090403@suutari.iki.fi> <20060716182315.GC3240@insomnia.benzedrine.cx> <44BA8A95.10300@suutari.iki.fi> <20060716191732.GD3240@insomnia.benzedrine.cx> <44BA9ECA.6090607@suutari.iki.fi> <20060716202253.GF29207@heff.fud.org.nz>

On Mon, Jul 17, 2006 at 08:22:53AM +1200, Andrew Thompson wrote:
> But.. pf runs before any userland daemons are loaded so how does it
> matter if there is a short window between netif and pf if nothing is
> listening?

That is one use case for PF, where you are protecting the local system.
What if you are running PF on a multi-homed host? Is 
net.inet.ip.forwarding only ever set to 1 by /etc/rc.d/routing, or 
can that be set by something else before it gets that far?

Gary