Subject: Re: pf doesn't start normally anymore
To: Peter Postma <>
From: mouss <>
List: tech-security
Date: 08/16/2005 15:44:52
Peter Postma a écrit :

>Which is perhaps ~ 1 or 2 seconds and even then there are no networked
>daemons up. I think this is a bit exaggerated to take into account.
2 seconds may be an issue for the paranoid, and the absence of daemons 
doesn't protect from forwarding bad traffic to internal machines.

one way to get around this is to add "ifconfig ... down" in network, and 
only make'em up after security scripts have been successfully started. 
this way, there is no need to abort the boot if ipf/pf/... fail.