NetBSD/usr.sbin
peter 9c1da17e90 pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g. "... from any to fxp0").
This, however, creates a window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
2005-08-23 12:12:56 +00:00
..
ac Kill __P(), use ANSI function declarations, constify; WARNS=3 2005-03-16 01:41:20 +00:00
accton Kill __P(), use ANSI function declarations; WARNS=3 2005-03-16 01:43:06 +00:00
altq - add -D to usage 2005-06-17 12:02:00 +00:00
amd Embed machine and cpu architecture correctly by target host environment, 2005-08-09 21:49:23 +00:00
apm Add 'd' to usage, sort options in usage, sort options in getopt() call. 2005-01-23 20:55:57 +00:00
apmd Kill __P(); WARNS=3 2005-03-16 01:44:46 +00:00
arp Kill __P(), use ANSI function declarations, constify; WARNS=3 2005-03-16 02:04:51 +00:00
bad144 Move UCB-licensed code from 4-clause to 3-clause licence. 2003-08-07 11:25:11 +00:00
bind Remove outdated BIND 8 version of named.conf(5). The build now picks up 2005-07-01 12:10:43 +00:00
bootp usage: Add -f and -m. Use getprogname(). Print to stderr. 2004-11-17 13:28:31 +00:00
catman Add (unsigned char) cast to ctype functions 2004-10-29 20:33:06 +00:00
chown Kill __P(), final round. 2005-03-16 02:55:10 +00:00
chroot Move UCB-licensed code from 4-clause to 3-clause licence. 2003-08-07 11:25:11 +00:00
chrtbl Homogenize usage messages: make the 'usage' word all lowercase, as this seems 2004-01-05 23:23:32 +00:00
cnwctl
cron Set SIGCHLD to SIG_DFL in cron's child; instead of SIG_IGN, which alters the 2005-08-17 22:35:20 +00:00
dev_mkdb Kill __P(), use ANSI function declarations; WARNS=3 2005-03-16 02:56:18 +00:00
dhcp avoid ifconfig <if> "" it serves no purpose 2005-07-16 08:41:27 +00:00
diskpart Add (unsigned char) cast to ctype functions 2004-10-29 20:51:11 +00:00
dumpfs when printing alternate superblocks, cast result of 2004-06-14 07:22:04 +00:00
dumplfs 64 bit inode changes 2005-08-19 02:07:18 +00:00
edquota Homogenize usage messages: make the 'usage' word all lowercase, as this seems 2004-01-05 23:23:32 +00:00
eeprom More fallout from removing the (int) casts from ctype.h 2004-11-08 08:05:20 +00:00
envstat One r in the option string is enough; from Jeff Ito. 2004-06-03 16:48:53 +00:00
eshconfig Non-argument options in SYNOPSIS belong before options with arguments. 2005-06-17 18:22:18 +00:00
etcupdate Tweaks for the move of postinstall from /etc to /usr/sbin 2005-04-17 23:12:40 +00:00
faithd plug memory leak. Patrick Latifi 2005-03-16 05:05:06 +00:00
fssconfig Support user controllable flags for the snapshot driver: 2005-04-17 16:28:26 +00:00
fwctl Sync usage with man page. Use getprogname(). 2005-07-12 09:10:18 +00:00
grfconfig Add casts to unsigned char for the arguments to ctype.h functions. 2004-11-13 14:32:14 +00:00
grfinfo grfinfo(1) is hp300 specific, so move the man page to the hp300 subdir. 2005-08-20 17:21:29 +00:00
gspa Re-order includes so bcopy->memcpy macro redef doesn't cause prototype errors 2005-02-07 06:50:42 +00:00
hilinfo
hprop Only #define HAVE_IPV6 if ${USE_INET6} != "no". 2005-01-10 03:11:17 +00:00
ifmcstat NI_WITHSCOPEID was not picked up by IETF standardization process. 2004-11-16 05:59:32 +00:00
ifwatchd Sort options in SYNOPSIS. 2004-11-25 16:05:11 +00:00
inetd Don't ignore SIGCHLD, because we are not going to get kqueue notifications 2005-04-09 20:14:55 +00:00
installboot 64 bit inode changes 2005-08-19 02:07:18 +00:00
iopctl
iostat Add tape statistics. 2005-08-07 12:32:38 +00:00
ipf Only compile in IPv6 support if ${USE_INET6} != "no" 2005-01-10 02:58:58 +00:00
ipwctl - KNF 2005-04-03 17:27:15 +00:00
irdaattach
isdn Don't attempt to use an uninitialized variable in a debug message. 2005-06-02 05:54:44 +00:00
iteconfig s/netbsd.org/NetBSD.org/i 2003-11-12 13:31:07 +00:00
iwictl Dd wants long name of the month, not the three-letter one. 2005-06-26 13:12:07 +00:00
kadmin Only #define HAVE_IPV6 if ${USE_INET6} != "no". 2005-01-10 03:11:17 +00:00
kdc Only #define HAVE_IPV6 if ${USE_INET6} != "no". 2005-01-10 03:11:17 +00:00
kgmon Change all .Xr config 8 to .Xr config 1, following the recent move of 2005-06-20 13:25:23 +00:00
kstash Only #define HAVE_IPV6 if ${USE_INET6} != "no". 2005-01-10 03:11:17 +00:00
ktutil Only #define HAVE_IPV6 if ${USE_INET6} != "no". 2005-01-10 03:11:17 +00:00
kvm_mkdb s/netbsd.org/NetBSD.org/i 2003-11-12 13:31:07 +00:00
lastlogin If the passwd entry is not found for a lastlog entry, cons up a fake 2005-04-09 02:13:20 +00:00
link
lpr 64 bit inode changes 2005-08-19 02:07:18 +00:00
lptctl New sentence, new line. 2004-02-04 14:25:13 +00:00
mailwrapper More better description of current state of sendmail stuff in more 2004-07-22 03:44:12 +00:00
makefs fix compilation problems on LP64 2005-08-20 15:00:27 +00:00
map-mbone Add (unsigned char) cast to ctype functions 2004-10-30 08:46:12 +00:00
mdconfig
mdsetimage Now that <bsd.prog.mk> DTRT if HOSTPROG is defined (i.e, it is a no-op), 2003-05-18 07:57:31 +00:00
memswitch Initialize class and node in modify_single(), as their initial assignment 2005-06-11 18:42:56 +00:00
mld6query usage: Add -d and -r. Use getprogname(). 2004-11-17 13:35:32 +00:00
mlxctl appease gcc -Wuninitialized 2005-06-02 05:58:24 +00:00
mopd Use cloning bpf. 2004-12-01 23:15:08 +00:00
mountd appease gcc -Wuninitialized 2005-06-02 05:58:24 +00:00
moused appease gcc -Wuninitialized 2005-06-02 05:58:24 +00:00
mrinfo Add (unsigned char) cast to ctype functions 2004-10-30 08:56:00 +00:00
mrouted Add (unsigned char) cast to ctype functions 2004-10-30 08:56:00 +00:00
mscdlabel Allow the test for ISO9660 filesystems to be applied to non-CD devices 2005-07-25 11:26:40 +00:00
mtrace Add (unsigned char) cast to ctype functions 2004-10-30 14:31:45 +00:00
mtree appease gcc -Wuninitialized 2005-06-02 05:58:24 +00:00
ndbootd appease gcc -Wuninitialized 2005-06-02 11:29:01 +00:00
ndp change description of -I to meet the current implementation. bump date 2004-10-26 06:42:14 +00:00
netgroup_mkdb
nfsd appease gcc -Wuninitialized 2005-06-02 06:54:02 +00:00
ntp After christos relaxed the tty handling code, we no longer need to 2005-07-17 12:46:51 +00:00
pcictl Update for new pci_devinfo(3) signature. 2004-04-24 13:41:51 +00:00
pf pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
pkg_install Bump version to 20050718 for fixed IGNORE_RECOMMENDS handling. 2005-07-18 09:09:35 +00:00
postinstall pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
powerd Add comma in enumeration; use Aq instead of \*[Lt]\*[Gt]. 2004-05-03 14:23:12 +00:00
pppd If SMALLPROG is set, do not build in PAM support. While there, depend 2005-03-22 22:20:27 +00:00
pstat 64 bit inode changes 2005-08-19 02:07:18 +00:00
pvcsif Only compile in IPv6 support if ${USE_INET6} != "no" 2005-01-10 02:58:58 +00:00
pvctxctl Only compile in IPv6 support if ${USE_INET6} != "no" 2005-01-10 02:58:58 +00:00
pwd_mkdb appease gcc -Wuninitialized 2005-06-02 09:18:14 +00:00
quot fix compilation problems on LP64 2005-08-20 15:00:27 +00:00
quotacheck 64 bit inode changes 2005-08-19 02:07:18 +00:00
quotaon Remove a superfluous word. From David Krinsky in PR bin/28358. 2004-11-19 21:19:24 +00:00
racoon Add -lcrypt where -lcrypto is specified. 2005-03-09 03:11:22 +00:00
racoonctl Switch to ipsec-tools for libipsec, setkey, and racoon. From 2005-02-19 16:55:02 +00:00
rarpd remove backwards compatibility with non-cloning bpf. 2004-12-01 23:12:11 +00:00
rbootd Mention cloning device. 2004-12-01 23:16:02 +00:00
rdate WARNS=3 2005-06-02 09:21:01 +00:00
repquota make sure there is space between the username and next field when 2005-03-05 14:46:29 +00:00
rip6query Homogenize usage messages: make the 'usage' word all lowercase, as this seems 2004-01-05 23:23:32 +00:00
rmt Move UCB-licensed code from 4-clause to 3-clause licence. 2003-08-07 11:25:11 +00:00
route6d Let it compile again on sparc/sparc64. 2003-10-31 10:09:55 +00:00
rpc.bootparamd Add (unsigned char) cast to ctype functions 2004-10-30 15:15:37 +00:00
rpc.lockd 64 bit inode changes 2005-08-19 02:07:18 +00:00
rpc.pcnfsd Add (unsigned char) cast to ctype functions 2004-10-30 15:28:45 +00:00
rpc.statd init_file: copy status_info from static storage so that 2004-01-14 10:29:46 +00:00
rpc.yppasswdd YP -> NIS 2005-02-26 16:37:40 +00:00
rpcbind Support MKINET6=no building after the -Wuninitalized fix. 2005-06-07 22:21:57 +00:00
rtadvd Add (unsigned char) cast to ctype functions 2004-10-30 15:28:45 +00:00
rtsold constify. 2005-06-27 03:10:32 +00:00
rwhod Add "by default" (Liam Foy) 2005-08-09 23:27:31 +00:00
sa Add (unsigned char) cast to ctype functions 2004-10-30 15:39:39 +00:00
screenblank Consider framebuffers in text emulation mode as regular ttys. Should fix 2004-11-25 20:23:36 +00:00
sendmail
sesd s/the the/the/ (only in sources that aren't regularly imported from 2004-04-23 02:58:27 +00:00
sliplogin Add (unsigned char) cast to ctype functions 2004-10-30 15:39:39 +00:00
slstats Add (unsigned char) cast to ctype functions 2004-10-30 15:39:39 +00:00
sntp "msntp"->"sntp, and adjust location of runtime data files 2003-12-09 11:15:18 +00:00
spray Remove superfluous .Ek. 2003-06-26 10:10:11 +00:00
sunlabel Add (unsigned char) cast to ctype functions 2004-10-30 15:39:39 +00:00
sup Convert from tmpnam()/open() -> snprintf()/mkstemp(); the latter 2005-06-18 11:07:26 +00:00
sushi Restore a part that was lost in rev. 1.44. 2005-07-21 21:48:47 +00:00
syslogd appease gcc -Wuninitialized 2005-06-02 09:42:57 +00:00
tadpolectl use bounded string op 2003-07-13 12:08:28 +00:00
tcpdchk use bounded string op 2003-07-14 09:07:22 +00:00
tcpdmatch
tcpdump Add -lcrypt where -lcrypto is specified. 2005-03-09 03:11:22 +00:00
timed make master() return void. 2005-04-19 03:40:00 +00:00
tpctl Add initialization of a local variable to appease -Wuninitialized. 2005-06-07 14:01:49 +00:00
traceroute The default hops is not 30, but is taken from the net.inet.ip.ttl sysctl 2005-06-14 13:55:59 +00:00
traceroute6 do not disclose endian/pid. henning@openbsd 2004-04-22 01:41:22 +00:00
trpt appease gcc -Wuninitialized 2005-06-02 09:42:57 +00:00
trsp Move UCB-licensed code from 4-clause to 3-clause licence. 2003-08-07 11:25:11 +00:00
unlink
usbdevs Print serial number if there is one. 2005-05-08 08:12:45 +00:00
user Check the return value from mktime() and pass any error up. 2005-08-12 21:40:35 +00:00
videomode use bounded string op 2003-07-13 12:08:28 +00:00
vipw when checking timestamp, check tv_nsec as well. 2005-04-28 08:44:49 +00:00
vnconfig 64 bit inode changes 2005-08-19 02:07:18 +00:00
wiconfig appease gcc -Wuninitialized 2005-06-02 09:47:37 +00:00
wlanctl Resolve conflicts in importation of 18-May-2005 ath(4) / net80211(9) 2005-06-22 06:14:51 +00:00
wsconscfg Sync usage with man page. 2005-07-12 08:48:20 +00:00
wsfontload Use ANSI function declarations, constify; WARNS=3 2005-03-16 01:34:11 +00:00
wsmoused appease gcc -Wuninitialized 2005-06-02 09:47:37 +00:00
wsmuxctl Add (unsigned char) cast to ctype functions 2004-10-30 15:51:20 +00:00
ypbind Sort SEE ALSO (first section, then name); new sentence, new line; bump date for previous. 2005-02-26 16:19:08 +00:00
yppoll Sort SEE ALSO. 2005-02-26 16:20:36 +00:00
ypserv ypdb_open(): 2005-06-20 00:29:42 +00:00
ypset Sort SEE ALSO (first section, then name); bump date for previous. 2005-02-26 16:20:07 +00:00
zdump
zic Now that <bsd.prog.mk> DTRT if HOSTPROG is defined (i.e, it is a no-op), 2003-05-18 07:57:31 +00:00
Makefile ieee1394 import from FreeBSD. 2005-07-11 15:29:05 +00:00
Makefile.inc