Dimitry Andric wrote:
> On 2009-06-26 11:04, Max Laier wrote:
>> I would like input about how a very simple "save default" setup could look
>> like. A ruleset for pf or ipfw that allows most of the boot process to
>> complete without opening the host to the outside world, yet. For extra
>> points this ruleset is aware of the rc.conf variables and adjusts
>> accordingly (e.g. opening access to sshd iff it is configured). In
>> addition there might be *one or two* configuration variables for the early
>> stage to open additional ports or to select a default interface. However,
>> the fewer the better.
>
> If you look at how OpenBSD implements their /etc/rc script, you will see
> it first loads a simple PF ruleset, which allows ssh, dns, icmp echo and
> (if applicable) IPv6 routing and neighbor advertisements.
>
> Then it does the regular network setup (/etc/netstart), followed by
> loading the full PF rules.

I think that would be a great approach, it's just waiting for someone
familiar with pf to implement it. :)

I also forgot to mention, there is no need to include me on future cc's
for this topic.

Regards,

Doug

-- 
This .signature sanitized for your protection

Received on Fri Jun 26 2009 - 12:56:30 UTC
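
The early-boot ruleset discussed in this thread, sketched as an added example that is not part of the original messages and is not FreeBSD or OpenBSD code: a shell function that emits a default-deny pf ruleset and opens sshd only when the rc.conf value says it is enabled. The function names, the argument order and the early_pf_tcp_ports variable are hypothetical, and the rules are one possible reading of "ssh, dns, icmp echo and IPv6 routing and neighbor advertisements".

```shell
#!/bin/sh
# Constructed example: generate a minimal early-boot pf ruleset as text.

# is_yes VALUE: true for the usual rc.conf spellings of "enabled".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# early_pf_rules SSHD_ENABLE IPV6_ENABLE [EXTRA_TCP_PORTS]
# Validates every extra port before printing anything, so a bad value
# yields no output at all instead of a half-written ruleset.
early_pf_rules() {
    _sshd=$1 _ipv6=$2 _extra=$3
    for _p in $_extra; do
        case "$_p" in
            *[!0-9]*|??????*) echo "early_pf_rules: bad port: $_p" >&2; return 1 ;;
        esac
        if [ "$_p" -lt 1 ] || [ "$_p" -gt 65535 ]; then
            echo "early_pf_rules: port out of range: $_p" >&2; return 1
        fi
    done
    echo "block all"                      # default deny comes first
    echo "pass on lo0"
    if is_yes "$_sshd"; then
        echo "pass in proto tcp from any to any port 22 keep state"
    fi
    for _p in $_extra; do
        echo "pass in proto tcp from any to any port $_p keep state"
    done
    echo "pass out proto { tcp, udp } from any to any port 53 keep state"
    echo "pass out inet proto icmp all icmp-type echoreq keep state"
    if is_yes "$_ipv6"; then
        echo "pass out inet6 proto icmp6 all icmp6-type neighbrsol"
        echo "pass in inet6 proto icmp6 all icmp6-type neighbradv"
        echo "pass out inet6 proto icmp6 all icmp6-type routersol"
        echo "pass in inet6 proto icmp6 all icmp6-type routeradv"
    fi
}

# Print the ruleset for the current settings (defaults: everything closed).
# An rc script would capture this output and, only if the function
# succeeded, hand it to pfctl (assumed here: "pfctl -f -" reading stdin).
early_pf_rules "${sshd_enable:-NO}" "${ipv6_enable:-NO}" "${early_pf_tcp_ports:-}"
```
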
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:50 UTC