Robert Watson rwat...@freebsd.org writes:
This sounds right to me, FWIW -- being able to fully configure the
policy before network traffic starts is definitely right in the
abstract, it's just a question of getting there...
One option would be to start pf with a pre-cooked rule set that allows
On 2009-06-30 17:07, Dag-Erling Smørgrav wrote:
One option would be to start pf with a pre-cooked rule set that allows
only DHCP and nd6 / rtsol or similar, then load the user-provided rule
set once all interfaces are up.
Please see also the suggestion here:
On Fri, 26 Jun 2009, Doug Barton wrote:
Reverse the effect of r193198 for pf and ipfw which will once again
allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to