Module Name:	src
Committed By:	peter
Date:		Tue Aug 23 12:12:56 UTC 2005

Modified Files:
	src/etc/mtree: special
	src/etc/rc.d: Makefile pf
	src/usr.sbin/pf: Makefile
	src/usr.sbin/pf/man/man5: Makefile
	src/usr.sbin/postinstall: postinstall
Added Files:
	src/etc/rc.d: pf_boot
	src/usr.sbin/pf/etc/defaults: Makefile pf.boot.conf
	src/usr.sbin/pf/man/man5: pf.boot.conf.5

Log Message:
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security


To generate a diff of this commit:
cvs rdiff -r1.88 -r1.89 src/etc/mtree/special
cvs rdiff -r1.51 -r1.52 src/etc/rc.d/Makefile
cvs rdiff -r1.5 -r1.6 src/etc/rc.d/pf
cvs rdiff -r0 -r1.1 src/etc/rc.d/pf_boot
cvs rdiff -r1.6 -r1.7 src/usr.sbin/pf/Makefile
cvs rdiff -r0 -r1.1 src/usr.sbin/pf/etc/defaults/Makefile \
    src/usr.sbin/pf/etc/defaults/pf.boot.conf
cvs rdiff -r1.4 -r1.5 src/usr.sbin/pf/man/man5/Makefile
cvs rdiff -r0 -r1.1 src/usr.sbin/pf/man/man5/pf.boot.conf.5
cvs rdiff -r1.3 -r1.4 src/usr.sbin/postinstall/postinstall

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.