On Wed, Nov 16, 2005 at 10:21:47AM +0800, Lars Hansson wrote:
> > And if, for any reason whatsoever, pfctl fails to run? The system
> > remains wide open.
> > Because that happens a lot....
> Oh come on now, this is a fringe case if there ever was one.
The far more common case where exactly this happens is when you update an (OpenBSD) system from source. If you follow the FAQ 5.3.1 [1], you're rebooting into a new kernel before rebuilding userland. Chances are that the userland/kernel API of pf has changed slightly, making old pfctl binaries abort with ioctl failures (these are the cases where people are told to check whether their userland and kernel are out of sync). If you search mailing list archives, this has happened to a number of people over several releases.

I suspect the number of people who forget to update userland and accidentally and unknowingly leave the system with a permanently non-functional pf is small compared to those who

a) are glad they can still ssh in to finish the update by rebuilding userland
b) aren't bothered too much that, during those couple of minutes, pf isn't filtering at all
c) after an update, check whether the system comes back up functional, including a brief check of pfctl -si/-sr output

If you apply the requested patch, you'll go booking a flight to your server location in this case. Or at least have to get out of your chair and walk to the server room, or annoy someone with a phone call ;)

Daniel

[1] http://www.openbsd.org/faq/faq5.html#Bld
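The "brief check of pfctl -si/-sr output" after an update, as an added example that is not part of the original thread: a POSIX sh function that takes the captured `pfctl -si` and `pfctl -sr` output and only succeeds when pf reports itself enabled with at least one rule loaded, so a pfctl that aborted on an ioctl failure (empty output) is flagged rather than silently leaving the box unfiltered. The sample outputs are constructed for the demonstration and the helper name is mine.

```sh
#!/bin/sh
# pf_state_ok STATUS_TEXT RULES_TEXT
#   STATUS_TEXT: captured stdout of `pfctl -si`
#   RULES_TEXT:  captured stdout of `pfctl -sr`
# Returns 0 only when pf is enabled and a non-empty ruleset is loaded.
pf_state_ok() {
    status="$1"
    rules="$2"
    # A pfctl that aborted (e.g. ioctl failure after a kernel/userland
    # mismatch) prints nothing on stdout, so no "Status:" line is found
    # and this check fails just like an explicit "Status: Disabled".
    printf '%s\n' "$status" | grep -q '^Status: Enabled' || return 1
    # Enabled but with zero rules still means nothing is being filtered.
    rule_count=$(printf '%s\n' "$rules" | grep -c -v '^[[:space:]]*$' || true)
    [ "$rule_count" -gt 0 ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OK_STATUS='Status: Enabled for 0 days 00:01:30           Debug: err'
SAMPLE_DISABLED_STATUS='Status: Disabled for 0 days 00:01:30          Debug: err'
SAMPLE_ABORTED=''   # pfctl died with an ioctl error; stderr only
SAMPLE_OK_RULES='block drop all
pass in on em0 proto tcp from any to any port = 22 flags S/SA'

# Stand-alone demonstration of all four outcomes.
for case in ok disabled aborted norules; do
    case "$case" in
        ok)       st="$SAMPLE_OK_STATUS";       ru="$SAMPLE_OK_RULES" ;;
        disabled) st="$SAMPLE_DISABLED_STATUS"; ru="$SAMPLE_OK_RULES" ;;
        aborted)  st="$SAMPLE_ABORTED";         ru="$SAMPLE_OK_RULES" ;;
        norules)  st="$SAMPLE_OK_STATUS";       ru="" ;;
    esac
    if pf_state_ok "$st" "$ru"; then
        echo "$case: pf filtering"
    else
        echo "$case: pf NOT filtering, finish the userland rebuild"
    fi
done

# Live use on the box itself (needs root):
#   pf_state_ok "$(pfctl -si 2>/dev/null)" "$(pfctl -sr 2>/dev/null)" \
#       || echo "pf NOT filtering"
```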