| History log of /src/usr.sbin/pf/etc/defaults |
| Revision | Date | Author | Comments |
| 1.1 | 23-Aug-2005 |
peter | branches: 1.1.2;
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
| 1.1.2.2 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
| 1.1.2.1 | 23-Aug-2005 |
tron | file Makefile was added on branch netbsd-3 on 2005-09-02 12:29:37 +0000
|
| 1.5 | 17-Feb-2019 |
gutteridge | pf.boot.conf: remove lingering references to dhclient(8), and while
here, capitalize acronyms. Addresses part of PR misc/53669.
|
| 1.4 | 26-May-2017 |
hauke | branches: 1.4.10;
Enable carp packets early during boot, to avoid gratuitous failovers.
Okayed by christos@
|
| 1.3 | 02-Sep-2007 |
tron | Use "ipv6-icmp" instead of "icmp6" to allow loading these rules again.
Patch supplied by Daniel Horecki in PR bin/36874.
|
| 1.2 | 10-Jan-2006 |
reed | branches: 1.2.10;
Fix mispelling in a comment.
|
| 1.1 | 23-Aug-2005 |
peter | branches: 1.1.2;
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
| 1.1.2.2 | 02-Sep-2005 |
tron | Pull up following revision(s) (requested by peter in ticket #717):
usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1
usr.sbin/postinstall/postinstall: revision 1.4
etc/rc.d/pf: revision 1.6
etc/rc.d/pf_boot: revision 1.1
usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1
usr.sbin/pf/Makefile: revision 1.7
etc/rc.d/Makefile: revision 1.52
etc/mtree/special: revision 1.89
usr.sbin/pf/man/man5/Makefile: revision 1.5
usr.sbin/pf/etc/defaults/Makefile: revision 1.1
pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
|
| 1.1.2.1 | 23-Aug-2005 |
tron | file pf.boot.conf was added on branch netbsd-3 on 2005-09-02 12:29:37 +0000
|
| 1.2.10.1 | 06-Nov-2007 |
matt | sync with HEAD
|
| 1.4.10.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
