Subject: Re: pf doesn't start normally anymore
To: Peter Postma <email@example.com>
From: mouss <firstname.lastname@example.org>
Date: 08/16/2005 15:44:52
Peter Postma a écrit :
>Which is perhaps ~ 1 or 2 seconds and even then there are no networked
>daemons up. I think this is a bit exaggerated to take into account.
2 seconds may be an issue for the paranoid, and the absence of daemons
doesn't protect from forwarding bad traffic to internal machines.
one way to get around this is to add "ifconfig ... down" in network, and
only make'em up after security scripts have been successfully started.
this way, there is no need to abort the boot if ipf/pf/... fail.