9c1da17e90
derive IP address(es) from the interface (e.g "... from any to fxp0"). This however, creates window for possible attacks from the network. Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD. No objections on: tech-security |
||
---|---|---|
.. | ||
authpf | ||
etc | ||
examples | ||
ftp-proxy | ||
man | ||
pfctl | ||
pflogd | ||
Makefile | ||
Makefile.inc | ||
compat_openbsd.h |