On Mon, Jan 5, 2015 at 1:28 PM, Willy Offermans <wi...@offermans.rompen.nl> wrote:
> Hello Luigi and FreeBSD friends,
>
> I do top posting.
>
> So there might be a chance that something slips through the firewall
> between the start of the firewall and after the bpf traffic of dhclient.
> Once the NIC is configured, traffic is possible in principle.
> Would it be better to start the bpf traffic of dhclient after the firewall
> runs? In the latter case, all will or can work as expected. If yes, how
> should this be set? Should one set
>
> REQUIRE: firewall
>
> in /etc/rc.d/dhclient? But there seems to be no firewall daemon present. So
> I'm not sure how this should work.
>

I believe that when Luigi says "that acts before the firewall has a chance to see the packets", he was not speaking of the RC script order, but about the FreeBSD network stack layer order.
Do you confirm, Luigi?

Because I've tried to fix ipfw's RC script order by changing:
- /etc/rc.d/ipfw: replaced "REQUIRE: ppp" by "REQUIRE: FILESYSTEMS" (like /etc/rc.d/ipfilter)
- /etc/rc.d/netif: added "ipfw" in the REQUIRE list

But no change: DHCP is still allowed.

Then, why are there specific DHCP-client rules in the /etc/rc.firewall script (like in WORKSTATION mode) if they are useless?