NetBSD/etc/rc.d
peter 9c1da17e90 pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g. "... from any to fxp0").
This, however, creates a window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
2005-08-23 12:12:56 +00:00
accounting
altqd
amd Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
apmd
bootconf.sh Use new style command substitution. 2004-10-11 15:00:51 +00:00
bootparams
ccd
cgd Revert previous, for now. We don't umount filesystems in the shutdown 2005-03-02 19:09:22 +00:00
cleartmp
cron
DAEMON
dhclient
dhcpd
dhcrelay
dmesg
downinterfaces Use new style command substitution. 2004-10-11 15:00:51 +00:00
fixsb Add a missing space in a comment 2004-12-30 09:32:13 +00:00
fsck
ftpd Add command_args="-D" to the ftpd rc.d script. This flag is always needed 2005-08-09 14:59:33 +00:00
identd
ifwatchd
inetd
ipfilter * Conditionalize flushing of IPv4 vs IPv6 rules based on the existence 2004-12-23 03:31:54 +00:00
ipfs
ipmon
ipnat Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
ipsec
isdnd
kdc
ldconfig
lkm1
lkm2
lkm3
local
LOGIN
lpd
Makefile pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
mixerctl Use new style command substitution. 2004-10-11 15:00:51 +00:00
mopd
motd
mountall
mountcritlocal
mountcritremote
mountd
moused
mrouted
named Improve on the migration bit. Check if files are different, and if not, 2005-07-17 21:28:45 +00:00
ndbootd
network PR/29317: ifconfig.if does not allow parameters with spaces 2005-06-28 13:36:40 +00:00
NETWORKING
newsyslog
nfsd Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
nfslocking Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
ntpd
ntpdate Explicitly REQUIRE mountcritremote, since this uses awk. 2005-03-15 12:06:12 +00:00
pf pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
pf_boot pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
pflogd
poffd
postfix
powerd
ppp Use new style command substitution. 2004-10-11 15:00:51 +00:00
pwcheck
quota
racoon Add the `shutdown' keyword, giving racoon a chance to flush the SAD 2004-12-07 17:37:15 +00:00
raidframe
raidframeparity Use new style command substitution. 2004-10-11 15:00:51 +00:00
rarpd
rbootd
root
route6d
routed Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
rpcbind
rtadvd
rtclocaltime
rtsold
rwho
savecore
screenblank
securelevel Use new style command substitution. 2004-10-11 15:00:51 +00:00
sendmail
SERVERS
smmsp Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
sshd
staticroute
swap1
swap2
sysctl
sysdb Fix for /bin/ksh, from Jukka Salmi in PR 27232. 2004-10-12 13:23:44 +00:00
syslogd
timed
tpctl
ttys Don't try to chmod ptys if we have none. 2004-11-10 05:04:51 +00:00
veriexec Run veriexec before securelevel and sysctl scripts. Suggested by Nino Dehne. 2005-06-15 18:49:40 +00:00
virecover
wdogctl
wscons
wsmoused
xdm
xfs
ypbind Use new style command substitution. 2004-10-11 15:00:51 +00:00
yppasswdd Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5) 2004-10-12 14:51:03 +00:00
ypserv ypserv(8) doesn't need the domainname(1) set -- it will serve any maps 2005-04-01 23:25:29 +00:00