Subject: Re: New IP filter code
To: Michael Graff <explorer@flame.org>
From: Darren Reed <darrenr@arbld.unimelb.edu.au>
List: tech-kern
Date: 04/28/1997 17:12:15
In some email I received from Michael Graff, sie wrote:
>
> "Perry E. Metzger" <perry@piermont.com> writes:
>
> > > Having to explicitly turn ip_filter *on* is a bug, in some environments.
> >
> > Indeed. You don't want packets to leak during bootup.
>
> Can you turn it on before the interfaces are configured? If so,
> that seems like a workable solution.
WARNING: IP Filter rules for interfaces won't work if the interface isn't
yet defined (but they will load). If I knew at which point things were added
to the ifnet list, then I could say for sure.
To be safe, I'd ifconfig the interfaces (but NOT up), load rules with IPfilter
enabled and then UP the interfaces.
Darren