tech-security: Re: pf doesn't start normally anymore

Subject: Re: pf doesn't start normally anymore
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Martin Husemann <martin@duskware.de>
List: tech-security
Date: 08/16/2005 16:11:25

I'm not sure what interface the script should set to down (and up after the
fillter has been loaded), but wouldn't sysctl net.inet.ip.forwarding=0 work
even better? This, of course, assumes a firewall with no local servers
running (before the filter is loaded, at least).

Martin