Subject: Re: IPF+named9 and IPNAT problem
To: None <netbsd-users@NetBSD.org>
From: Matthias Scheler <tron@zhadum.de>
List: netbsd-users
Date: 08/16/2004 19:42:22
In article <412123BA.11223.157499BD@golconda.sit.edu.my>,
	"Joe Lim" <Joe.Lim@sit.edu.my> writes:
> Is there anyway to change the boot sequence in order to let named9
> (from pkgsrc) to run before ipfilter?

You could do that but it would be insecure. "named9" cannot be run before
networking has been configured. And activating IPFilter after networking
has been configured will leave your system unprotected for a few seconds.
You could of course configure IPFilter to block all by default. But
BIND will probably not work very well if it isn't allowed to talk with the
rest of the DNS world.

Or in other words: just don't do it.

> In my /etc/ipf.conf, I prefer to use dns name instead of IP.

If the names really come from remote DNS servers you allow people who
administer or take ownership of those servers to influence your firewall
configuration, which also doesn't sound like a good idea.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/
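The second point in the reply (hostnames in ipf.conf hand part of the firewall policy to whoever controls those DNS zones) is easy to audit for. The following is an added example, not code from the thread, IPFilter or NetBSD: a small lint that scans a constructed ipf.conf-style ruleset and reports every `from`/`to` address that is neither `any` nor an IP literal, i.e. every rule that can only be loaded after a DNS lookup. The sample rules, the interface name `fxp0` and the hostname `ns.example.net` are all assumptions made up for the example.

```python
"""Lint IPFilter (ipf.conf) rules for from/to fields that are hostnames
rather than IP literals.  Hostnames are resolved when the rules are loaded,
so the operators of those DNS zones influence the resulting policy.
Hypothetical helper written for this example; not part of IPFilter."""

import ipaddress
from typing import List, Tuple

# Constructed sample ruleset (not from the thread): default deny, two rules
# with IP literals and one rule that depends on a DNS name.
SAMPLE_RULES = """\
# default deny
block in all
block out all
pass out quick on fxp0 proto udp from 192.0.2.10 to 192.0.2.53 port = 53 keep state
pass in quick on fxp0 proto tcp from 192.0.2.0/24 to 192.0.2.10 port = 22 keep state
pass in quick on fxp0 proto tcp from ns.example.net to any port = 53 keep state
"""


def _address_tokens(rule: str) -> List[str]:
    """Return the address tokens that follow 'from' and 'to' in one rule."""
    words = rule.split()
    out = []
    for i, w in enumerate(words):
        if w in ("from", "to") and i + 1 < len(words):
            tok = words[i + 1]
            if tok == "!" and i + 2 < len(words):   # negation written as "from ! 10.0.0.1"
                tok = words[i + 2]
            out.append(tok.lstrip("!"))             # negation written as "from !10.0.0.1"
    return out


def is_ip_literal(token: str) -> bool:
    """True for an IPv4/IPv6 address or network (with /prefix or /netmask)."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def find_hostname_rules(ruleset: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, hostname, rule) for every rule whose from/to field
    is neither 'any' nor an IP literal, i.e. whose meaning depends on DNS."""
    findings = []
    for lineno, raw in enumerate(ruleset.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not rule:
            continue
        for tok in _address_tokens(rule):
            if tok == "any" or is_ip_literal(tok):
                continue
            findings.append((lineno, tok, rule))
    return findings


if __name__ == "__main__":
    for lineno, host, rule in find_hostname_rules(SAMPLE_RULES):
        print(f"line {lineno}: '{host}' is resolved via DNS: {rule}")
```

Run it against a real ipf.conf by passing the file contents to `find_hostname_rules`; every hit is a rule worth rewriting with the address literal the administrator actually intends.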