Subject: Re: initial pf configuration
To: None <tech-security@NetBSD.org>
From: Peter Postma <firstname.lastname@example.org>
Date: 08/19/2005 14:51:50
On Thu, Aug 18, 2005 at 02:49:40AM +0200, mouss wrote:
> Peter Postma a ?crit :
> >I've made a solution for pf(4) startup and the possible security problems.
> >(see recent discussion, subject "pf doesn't start normally anymore") and
> >implemented pf.boot.conf, as suggested by YAMAMOTO Takashi.
> >Attached are the new files and diffs. I'm planning to commit this next
> >week if there are no complaints.
> What happens if:
> - you need dhcp to configure the rules
I think you mean "to configure the interface" ?
> - you need to allow dhcp traffic before that
I thought that DHCP uses bpf instead of sending/receiving through TCP/IP,
which makes it bypass the packet filter interface.
I use dhcp myself and I did get an IP address with the rules in the
Anyway, if someone needs additional rules to setup his network configuration,
the he can always do:
# cp /etc/defaults/pf.boot.conf /etc
# vi /etc/pf.boot.conf