d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[pf] /etc/rc.d/pf should REQUIRE routing

Browse Source 
When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in
/etc/pf.conf, these hostnames cannot be resolved via external nameservers
because the default route is not yet set. This results in an empty
(all open) ruleset.

Since r195026 already put netif back to REQUIRE, this change does not affect
the issue that the firewall should rather have been setup before any
network traffic can occur.

PR:		211928
Submitted by:	Robert Schulze
Reported by:	Robert Schulze
Tested by:	Mateusz Kwiatkowski
No objections from:	kp
MFC after:	3 days
This commit is contained in:
Pawel Biernacki 2020-10-08 11:45:10 +00:00
parent c3a38d6c91
commit 9ef9175912
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libexec/rc/rc.d/pf
View File

@ -4,8 +4,7 @@
#
# PROVIDE: pf
# REQUIRE: FILESYSTEMS netif pflog pfsync
# BEFORE: routing
# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet
. /etc/rc.subr