On Mon, 9 Jan 2006, Olivier Mehani wrote:
> On Mon, Jan 09, 2006 at 08:37:04PM +0100, Otto Moerbeek wrote:
> > > adsl:
> > > ! sh -c "/sbin/ifconfig pflog0 up"
>
> As far as I remember, it's not necessary to ifconfig pflog0 up to use it.
>
> > Why enable pf only when the link is up? It's non-standard and
> > potentially dangerous. You're better off using the standard way of
> > enabling pf.
>
> However non standard, I don't clearly see the potential danger in this.
> Can you elaborate?

- There's a race between getting the net up and pf being enabled. That
means there's a moment in time when you are not protected.
- Assume that sometimes things go wrong. You make a typo in pf.conf,
for example. What would happen if you reboot?
-Otto