freebsd-current
Re: pfsync rc script breaks pfsync on cloned interfaces Doug Barton Fri Jun 26 08:01:09 2009
Dimitry Andric wrote:
> On 2009-06-26 11:04, Max Laier wrote:
>> I would like input about what a very simple "safe default" setup could look
>> like. A ruleset for pf or ipfw that allows most of the boot process to
>> complete without opening the host to the outside world, yet. For extra
>> points this ruleset is aware of the rc.conf variables and adjusts
>> accordingly (e.g. opening access to sshd iff it is configured). In
>> addition there might be *one or two* configuration variables for the early
>> stage to open additional ports or to select a default interface. However,
>> the fewer the better.
>
> If you look at how OpenBSD implements their /etc/rc script, you will see
> it first loads a simple PF ruleset, which allows ssh, dns, icmp echo and
> (if applicable) IPv6 routing and neighbor advertisements.
>
> Then it does the regular network setup (/etc/netstart), followed by
> loading the full PF rules.

I think that would be a great approach, it's just waiting for someone
familiar with pf to implement it. :)

I also forgot to mention, there is no need to include me on future
cc's for this topic.

Regards,

Doug

--
This .signature sanitized for your protection
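
The early-ruleset approach discussed in this thread, sketched as an added example (not code from the thread, FreeBSD or OpenBSD): a shell function that emits a minimal pf ruleset and adjusts it to rc.conf-style variables. `pf_early_ports` is a hypothetical variable, and `sshd_enable` / `ipv6_enable` are assumed to be plain YES/NO strings already read from rc.conf.

```shell
#!/bin/sh
# Added example: build a minimal early-boot pf ruleset from rc.conf-style
# variables. pf_early_ports is a hypothetical knob, not an rc.conf variable.

is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

early_pf_rules() {
    # Default deny; loopback stays usable for local services during boot.
    echo "block all"
    echo "pass on lo0"
    # Outbound DNS and ping are needed by later network setup.
    echo "pass out proto { tcp, udp } from any to any port 53 keep state"
    echo "pass out inet proto icmp all icmp-type echoreq keep state"
    # Open sshd only if it is configured to start.
    if is_yes "${sshd_enable:-NO}"; then
        echo "pass in proto tcp from any to any port 22 keep state"
    fi
    # IPv6 neighbor and router discovery, only when IPv6 is in use.
    if is_yes "${ipv6_enable:-NO}"; then
        echo "pass out inet6 proto icmp6 all icmp6-type neighbrsol"
        echo "pass in inet6 proto icmp6 all icmp6-type neighbradv"
        echo "pass out inet6 proto icmp6 all icmp6-type routersol"
        echo "pass in inet6 proto icmp6 all icmp6-type routeradv"
    fi
    # Hypothetical extra inbound TCP ports: accept only numeric 1-65535 so a
    # typo in the variable cannot inject arbitrary rule text.
    for p in ${pf_early_ports:-}; do
        case "$p" in
            ''|*[!0-9]*) echo "early pf: ignoring bad port '$p'" >&2; continue ;;
        esac
        if [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; then
            echo "pass in proto tcp from any to any port $p keep state"
        else
            echo "early pf: ignoring out-of-range port '$p'" >&2
        fi
    done
}

# Constructed sample run; at boot the output would be piped to `pfctl -f -`
# before network setup, and the full ruleset loaded afterwards.
( sshd_enable=YES; pf_early_ports="443 http"; early_pf_rules )
```
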