Perhaps I shouldn't be trying to use X on a system that I want really secure. Perhaps I shouldn't be asking questions about pf and problems with X-based apps. But...

I am using pf on FreeBSD RELENG_5_4. Usually I run with securelevel=2, and the following question is irrelevant. However, sometimes : ) I like to pop up a gnome-session. When I do, with my pf firewall enabled, the X server starts, but the various apps don't start properly; the screen never gets past the initial "Starting Gnome..." splash screen. There is a problem accessing the ~/.gconfd-<username>, and this is the relevant entry in /var/log/messages:

    Sep 24 09:21:46 H2O gconfd (admin-556): Failed to get lock for daemon, exiting: Failed to lock '/var/tmp/gconfd-admin/lock/ior': probably another process has the lock, or your operating system has NFS file locking misconfigured (Resource temporarily unavailable)

The suggestion hinted at by the error is NFS-related, but I don't think this is actually true. If I disable pf, the gnome-session starts normally. Can anyone suggest how I might relax my firewall rules to permit correct operation of gconfd-2?

btw. If someone can help, it means the door to a really secure, GUI-capable BSD desktop is wide open. Portsentry watches a handful of ports for common scans, adding to a pf table. Anything that gets through pf will be examined with snort, and (you'll like this) I'm working on using bmf to build rules for snort, and when statistically prudent add pf rules via snort2pf or a suitable script.

Unifex
[EMAIL PROTECTED]

--
Aluminium Oxide
[EMAIL PROTECTED]

--
http://www.fastmail.fm - IMAP accessible web-mail
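As an added example, not from the original post or any reply to it: a minimal pf.conf showing the one firewall change that can be made without weakening the network-facing policy, passing the loopback interface, plus the pflog check that tells whether pf is actually what the GNOME session is tripping over. The interface name em0 and the use of pflog are assumptions; the syntax is that of the pf shipped with FreeBSD 5.x.

```pf
# Added example (not from the original post). Interface name em0 is an
# assumption; FreeBSD 5.x pf syntax. pflog0 needs pflog_enable="YES" in
# /etc/rc.conf.
ext_if = "em0"

set block-policy drop
scrub in all

# Loopback first. lo0 never carries traffic from another host, so passing it
# relaxes nothing that is reachable from the network; it only stops pf from
# filtering local IPC (X11 over 127.0.0.1:6000, ORBit/CORBA endpoints that
# GNOME 2 components register when IIOP over IPv4 is enabled, and similar).
# A default-deny ruleset WITHOUT this line treats such connections like any
# other inbound packet and drops them.
pass quick on lo0 all

# Default deny, logged, so any blocked local connection shows up on pflog0.
block in log all

# Outbound from this host, stateful.
pass out quick on $ext_if proto { tcp, udp, icmp } all keep state

# Check rather than guess: with the ruleset loaded, watch what pf drops
# while gnome-session starts:
#   tcpdump -n -e -ttt -i pflog0
# Blocked 127.0.0.1 -> 127.0.0.1 packets mean the lo0 rule above was the
# missing piece; if nothing loopback-related is logged, the firewall is
# not where the lock failure comes from.
```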
