tech-security: Re: pf's rc.d script & startup priority

Subject: Re: pf's rc.d script & startup priority
To: None <tech-security@NetBSD.org>
From: Luke Mewburn <lukem@NetBSD.org>
List: tech-security
Date: 08/09/2005 13:01:26

--D9sZ58tf58331Q5M
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

  | >   | I've tried the REQUIRE line from the ipfilter script in the pf sc=
ript but it
  | >   | still gets ordered too late. Do you have a suggestion?
  | >=20
  | > That's because rc.d/network REQUIREs ipfilter.
  | > You could try
  | > 	BEFORE: network
  | > in rc.d/pf.
  | >=20
  |=20
  | Ah that helps. The ordering is now lkm1, pf, veriexec, ipsec, ipfilter,
  | etc..
  |=20
  | I've attached the diff with changes to the pf script, please review. I'=
ve
  | not yet tested if it works with the LKM, will do that later.

At a glance, I think your changes look OK.


Cheers,
Luke.

--D9sZ58tf58331Q5M
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFC+ByGpBhtmn8zJHIRAgpAAKDOQ3zMarAYy2G+knUJ+BazJ5BFsQCgyJR/
xYSKZjvLiN+Yvnwf+rIV7IU=
=WpZV
-----END PGP SIGNATURE-----

--D9sZ58tf58331Q5M--