Date: Mon, 1 Jun 2009 17:47:47 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Doug Barton <dougb@FreeBSD.org> Cc: svn-src-head@freebsd.org, max@love2party.net, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r193198 - head/etc/rc.d Message-ID: <20090601174604.J12292@maildrop.int.zabbadoz.net> In-Reply-To: <4A241221.6090707@FreeBSD.org> References: <200906010535.n515Z4qK065272@svn.freebsd.org> <20090601062701.C12292@maildrop.int.zabbadoz.net> <4A241221.6090707@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 1 Jun 2009, Doug Barton wrote: > Bjoern A. Zeeb wrote: >> On Mon, 1 Jun 2009, Doug Barton wrote: >> >>> Author: dougb Date: Mon Jun 1 05:35:03 2009 New Revision: 193198 >>> URL: http://svn.freebsd.org/changeset/base/193198 >>> >>> Log: Make the pf and ipfw firewalls start before netif, just like >>> ipfilter already does. This eliminates a logical inconsistency, >>> and a small window where the system is open after the network >>> comes up. >> >> Unfortunetaly this is contrary to a lot of PRs and requests on >> mailing lists out there that actually want the netif/network_ipv6 >> to be run _before_ things come up. > > Can you provide links to some of those PRs? I'd love to learn more > about this issue. PR 130381 has one report and I had added another link to a freebsd-rc post at one point. -- Bjoern A. Zeeb The greatest risk is not taking one.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090601174604.J12292>