author: Pawel Biernacki <kaktus@FreeBSD.org> 2020-10-08 11:45:10 +0000
committer: Mateusz Piotrowski <0mp@FreeBSD.org> 2022-07-26 14:58:47 +0000
commit: ca80dd4ed3845c0d783e772bf906911b4c23fdc3 (patch)
tree: 4e807cac69d77d1c486e1f457ca434efcf78109b
parent: 5db2f88fa537b851eba1ec26ec4396854bed6f5b (diff)
[pf] /etc/rc.d/pf should REQUIRE routing

When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in /etc/pf.conf, these hostnames cannot be resolved via external nameservers because the default route is not yet set. This results in an empty (all open) ruleset.

Since r195026 already put netif back to REQUIRE, this change does not affect the issue that the firewall should rather have been set up before any network traffic can occur.

PR: 211928
Submitted by: Robert Schulze
Reported by: Robert Schulze
Tested by: Mateusz Kwiatkowski
No objections from: kp
MFC after: 3 days
(cherry picked from commit 9ef917591248e35efea846d0d743b74503387099)
Approved by: kp

-rwxr-xr-x libexec/rc/rc.d/pf 3
1 files changed, 1 insertions, 2 deletions
diff --git a/libexec/rc/rc.d/pf b/libexec/rc/rc.d/pf
index 57de19218fcf..1f7394007667 100755
--- a/libexec/rc/rc.d/pf
+++ b/libexec/rc/rc.d/pf
@@ -4,8 +4,7 @@
#
# PROVIDE: pf
-# REQUIRE: FILESYSTEMS netif pflog pfsync
-# BEFORE: routing
+# REQUIRE: FILESYSTEMS netif pflog pfsync routing
# KEYWORD: nojailvnet
. /etc/rc.subr
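
Review bot: The new "# REQUIRE: FILESYSTEMS netif pflog pfsync routing" line carries no explanation of why routing is a dependency, and dropping "# BEFORE: routing" reverses the previous ordering, so pf now loads its ruleset only after routing has been brought up. A short comment above the REQUIRE line saying that routing is needed so hostnames in /etc/pf.conf can be resolved would keep a later reorder from reintroducing the empty ruleset described in the commit message. The ordering change also only covers the case where the default route is missing: a lookup that fails for any other reason would still hit the same "empty (all open)" outcome, so it is worth tracking a follow-up that makes a failed ruleset load leave the host blocked rather than open, and noting for operators that addresses or tables in pf.conf avoid the boot-time DNS dependency.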