NetBSD/etc
peter 9c1da17e90 pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g. "... from any to fxp0").
This, however, creates a window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
2005-08-23 12:12:56 +00:00
defaults Make max_loginlen and max_grouplen 16. 2005-08-22 14:09:23 +00:00
etc.acorn26 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.acorn32 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.algor remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.alpha remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.amd64 Only make bpf, not bpfN 2004-12-02 16:44:28 +00:00
etc.amiga add nsmb(4) for NetBSD/amiga 2005-02-20 17:49:49 +00:00
etc.arc Ecoff kernels are no longer needed. 2005-05-23 13:05:04 +00:00
etc.atari remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.bebox remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.cats As requested in PR port-cats/30460 add support for GENERIC.ABLE kernel to 2005-08-07 00:21:38 +00:00
etc.cesfic remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.cobalt remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.dreamcast Only make bpf, not bpfN 2004-12-02 16:44:28 +00:00
etc.evbarm add TWINTAIL. 2005-02-27 02:27:12 +00:00
etc.evbmips remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.evbppc Add md-kernel for installation: INSTALL_OPENBLOCKS266. 2005-08-03 14:55:37 +00:00
etc.evbsh3 Only make bpf, not bpfN 2004-12-02 16:44:28 +00:00
etc.evbsh5 Only make bpf, not bpfN 2004-12-02 16:44:28 +00:00
etc.hp300 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.hp700 add a ramdisk and LIF image for sysinst-based installation. 2005-05-18 14:04:26 +00:00
etc.hpcarm remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.hpcmips remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.hpcsh run getty on /dev/ttyE0 by default. 2004-07-11 16:08:55 +00:00
etc.i386 Add xencons to the default list of devices. Fix port-xen/29887 by Juan RP. 2005-04-06 21:06:28 +00:00
etc.ibmnws remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.iyonix Don't declare ptys in tty's. None of the other ports do this. 2004-11-08 19:59:07 +00:00
etc.luna68k remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.mac68k Only make bpf, not bpfN 2004-12-02 16:44:28 +00:00
etc.macppc Enable RAIDframe support in the NetBSD-macppc installation media. 2005-06-09 13:29:57 +00:00
etc.mipsco remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.mmeye remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.mvme68k remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.mvmeppc remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.netwinder remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.news68k remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.newsmips remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.next68k remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.ofppc remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.pc532 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.playstation2 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.pmax Make sure miniroot subdir gets created 2004-12-15 15:03:14 +00:00
etc.pmppc remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.prep remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.sandpoint remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.sbmips Only make bpf, not bpfN 2004-12-02 16:44:28 +00:00
etc.sgimips Tweak the iso-image support: avoid arbitrary hardcoded sizes - use awk to 2005-05-10 21:58:03 +00:00
etc.shark Create wscons devices. 2005-01-09 15:50:53 +00:00
etc.sparc added ttyC00 and ttyC01 for the SPARCbook's internal modem and PCMCIA 2005-07-03 18:08:53 +00:00
etc.sparc64 Add an entry for fb1. 2005-06-24 06:43:06 +00:00
etc.sun2 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.sun3 remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
etc.vax Fix previous, caused by premature optimization... 2005-05-02 02:51:04 +00:00
etc.x68k remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
kerberosIV
mtree pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
namedb Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall' 2004-05-16 09:53:09 +00:00
pam.d allow rsh if the user's password is null. from christos. 2005-05-14 15:17:47 +00:00
powerd Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall' 2004-05-16 09:53:09 +00:00
rc.d pf needs to be started after the network is up, because some pf rules 2005-08-23 12:12:56 +00:00
root Use hostname(1) in preference to uname(1) in case /usr isn't mounted. 2005-02-22 09:12:17 +00:00
skel Consistently use CONFIGFILES & CONFIGLINKS (which enable the 'configinstall' 2004-05-16 09:53:09 +00:00
ssh - .isc.netbsd.org aliases are gone 2004-11-07 19:41:45 +00:00
COPYRIGHT
MAKEDEV.awk Make a simple fix for inclusion of disklabel.h. Since this script 2005-06-14 20:47:46 +00:00
MAKEDEV.local add /rescue to the PATH to find chown if /usr is not available yet 2003-12-15 08:57:52 +00:00
MAKEDEV.tmpl Add a driver for Cypress microcontroller based USB serial adapters. 2005-07-30 06:14:49 +00:00
Makefile Consistently use 0664 root:utmp for /var/log/{lastlog,wtmp}{,x}. 2005-05-22 14:34:20 +00:00
aliases
bootptab
changelist
crontab
csh.cshrc
csh.login
csh.logout
daily Small ugly hack -- sed "Mounted on" to "Mount" so that the df line 2005-08-22 14:24:45 +00:00
daily.conf
disktab
dm.conf
floppytab
ftpchroot
ftpusers
gettytab
group Add _pflogd group. 2005-04-05 19:57:30 +00:00
hosts add a dotted alias for localhost so that sendmail doesn't pause on startup 2004-08-29 13:26:17 +00:00
hosts.equiv
hosts.lpd
inetd.conf Add -a valid for PAM. 2005-02-28 02:35:55 +00:00
lkm.conf
locate.conf Configuration file of locate(1) database. 2004-02-06 15:24:25 +00:00
mailer.conf Try to explain what this file does a little bit better. 2005-02-19 17:25:16 +00:00
man.conf
master.passwd Add the _pflogd user which will be used by pflogd(8), the logging daemon 2005-04-04 19:06:43 +00:00
minfree
mkttys remove ad-hoc list of pty's from port tty files, and auto-generate it so 2004-06-20 21:30:26 +00:00
monthly Avoid the output "Running xxx.local" if the "xxx.local" script 2004-04-09 17:35:21 +00:00
monthly.conf
motd
mrouted.conf
netconfig
networks
newsyslog.conf Update permissions of /var/log/wtmp{,x} to match those installed by 2005-07-11 08:41:40 +00:00
nsswitch.conf
ntp.conf Add a synopsis, disclaimer, and a hypertext link to the "real" documentation. 2003-12-07 16:11:58 +00:00
passwd.conf
phones
printcap
profile
protocols Update with the iana.org URL, as has been done with services. 2004-06-10 10:06:51 +00:00
rbootd.conf
rc
rc.conf
rc.lkm modload(8) already obtains the value of the machdep.booted_kernel sysctl 2005-03-04 21:11:23 +00:00
rc.local
rc.shutdown
rc.subr * Implement 2004-10-12 14:45:29 +00:00
remote
rpc
security Allow an underscore as first character and embedded underscores & dots 2005-04-11 15:46:42 +00:00
security.conf
services add SIP 2005-08-16 19:41:01 +00:00
shells
sysctl.conf Revert the change in default value of ipv6_v6only. Further discussion 2003-11-03 15:12:06 +00:00
syslog.conf There is really just no point in having every root login get spamming with 2004-07-23 03:45:42 +00:00
weekly Run the "su -m nobody -c locate.updatedb" in a subshell with cd / first. 2004-06-27 13:51:55 +00:00
weekly.conf
wscons.conf Add mention of Portuguese builtin keyboard map. 2004-07-06 04:02:05 +00:00