Subject: Re: initial pf configuration
To: None <tech-security@NetBSD.org>
From: Peter Postma <peter@pointless.nl>
List: tech-security
Date: 08/19/2005 14:51:50
On Thu, Aug 18, 2005 at 02:49:40AM +0200, mouss wrote:
> Peter Postma wrote:
> 
> >Hi,
> >
> >I've made a solution for pf(4) startup and the possible security problems.
> >(see recent discussion, subject "pf doesn't start normally anymore") and
> >implemented pf.boot.conf, as suggested by YAMAMOTO Takashi.
> >
> >Attached are the new files and diffs. I'm planning to commit this next
> >week if there are no complaints.
> > 
> >
> What happens if:
> - you need dhcp to configure the rules

I think you mean "to configure the interface" ?

> - you need to allow dhcp traffic before that
> 

I thought that DHCP uses bpf instead of sending/receiving through TCP/IP,
which makes it bypass the packet filter interface.

I use dhcp myself and I did get an IP address with the rules in the
new pf.boot.conf.

Anyway, if someone needs additional rules to set up his network configuration,
then he can always do:
# cp /etc/defaults/pf.boot.conf /etc
# vi /etc/pf.boot.conf

-- 
Peter Postma