tech-security: Re: pf doesn't start normally anymore

Subject: Re: pf doesn't start normally anymore
To: None <tech-security@NetBSD.org>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: tech-security
Date: 08/11/2005 19:12:43

--xe2geHXJg22At20M
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 11, 2005 at 07:07:10PM +0200, Peter Postma wrote:
> So, we should start pf after the network is up, then everything should
> be fine. Please try the attached patch.

that's fundamentally wrong approach, though.  starting packet filter
after the network is up leaves window for possible attacks from the
network.

regards,

--=20
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --

--xe2geHXJg22At20M
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iD8DBQFC+4cLiwjDDlS8cmMRAooUAJ9eEzph3G0yA3N2jFEtu3deUfDnxQCbBW7L
BSAGW+VUBJsEe9Si+eVches=
=EkTo
-----END PGP SIGNATURE-----

--xe2geHXJg22At20M--