Hi, I've been directed here from a FreeBSD newsgroup about this question. I've checked the archives, but found nothing relevant.

Background: I'm upgrading to FreeBSD 6.0-release and want to move from ipf to pf to get the extra flexibility pf offers. However, I have concerns about the security of pf at system startup and when the config file is unusable.

In my present /ipf/ setup, the kernel itself is configured to block packets by default, so until ipf starts successfully and unblocks things, the machine (which is the gateway/firewall to my home LAN) is guaranteed secure. In particular, if the config file fails to load for any reason, the firewall fails to a secure mode.

As far as I can see with pf though, the system is wide open until the pf config file is loaded successfully. Ordinarily, pf would be started before any services, so it shouldn't normally matter. But under fault conditions, and in particular should the pf config file be unusable for any reason, it seems that my firewall could be wide open, unnoticed, for an indefinite period.

Could anyone offer advice please, and perhaps set my mind at rest?

Thanks in advance for any comments.

--
various incoming sites blocked because of spam; see
http://www.scottsonline.org.uk for a list and openpgp crypto key
(key fingerprint 2ACC 9F21 5103 F68C 7C32 9EA8 C949 81E1 31C9 1364)
[EMAIL PROTECTED]
Mike Scott, Harlow, Essex, England