tech-security: Re: pf doesn't start normally anymore

Subject: Re: pf doesn't start normally anymore
To: Mipam <mipam@ibb.net>
From: Luke Mewburn <lukem@NetBSD.org>
List: tech-security
Date: 08/11/2005 09:17:37

--QVzQgM+zdZ3YWXqn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Thu, Aug 11, 2005 at 12:13:56AM +0200, Mipam wrote:
  | Also there is no problem running pf after the complete boot.
  | What could be the problem here?

For the same rationale that rc.d/ipfilter aborts the boot:
if you accidentally install a broken packet filter ruleset
and reboot the system you may end up with a running system
that has less strict filter rules than you expect.
With the change made to rc.d/pf, pf now acts as the startup
for IPfilter.

Luke.

--QVzQgM+zdZ3YWXqn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFC+osRpBhtmn8zJHIRAk+rAJ99+lrQYkTJ/WyW0Rfe6lG6cTzCmwCfWJlw
HsLcKr0CA3wDQCV1CQwbjMs=
=zUf6
-----END PGP SIGNATURE-----

--QVzQgM+zdZ3YWXqn--