From 96a94e728e673abb2809c29bf46b9ce6eb7630d1 Mon Sep 17 00:00:00 2001 From: dougb Date: Mon, 1 Jun 2009 05:35:03 +0000 Subject: Make the pf and ipfw firewalls start before netif, just like ipfilter already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up. --- etc/rc.d/ip6fw | 1 - etc/rc.d/ipfilter | 1 - etc/rc.d/ipfs | 1 - etc/rc.d/ipfw | 3 +-- etc/rc.d/ipnat | 1 - etc/rc.d/netif | 3 ++- etc/rc.d/network_ipv6 | 2 +- etc/rc.d/pf | 2 +- etc/rc.d/pflog | 2 +- etc/rc.d/pfsync | 2 +- 10 files changed, 7 insertions(+), 11 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/ip6fw b/etc/rc.d/ip6fw index 131d7a0..ca95d36 100755 --- a/etc/rc.d/ip6fw +++ b/etc/rc.d/ip6fw @@ -5,7 +5,6 @@ # PROVIDE: ip6fw # REQUIRE: routing -# BEFORE: network_ipv6 # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter index b0db802..fd1e99b 100755 --- a/etc/rc.d/ipfilter +++ b/etc/rc.d/ipfilter @@ -5,7 +5,6 @@ # PROVIDE: ipfilter # REQUIRE: FILESYSTEMS -# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs index d9eb62d..9b5ccac 100755 --- a/etc/rc.d/ipfs +++ b/etc/rc.d/ipfs @@ -5,7 +5,6 @@ # PROVIDE: ipfs # REQUIRE: ipnat -# BEFORE: netif # KEYWORD: nojail shutdown . /etc/rc.subr diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw index 2780943..43956e4 100755 --- a/etc/rc.d/ipfw +++ b/etc/rc.d/ipfw @@ -4,8 +4,7 @@ # # PROVIDE: ipfw -# REQUIRE: ppp -# BEFORE: NETWORKING +# REQUIRE: FILESYSTEMS # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/ipnat b/etc/rc.d/ipnat index 00434d5..6bf2e08 100755 --- a/etc/rc.d/ipnat +++ b/etc/rc.d/ipnat @@ -5,7 +5,6 @@ # PROVIDE: ipnat # REQUIRE: ipfilter -# BEFORE: DAEMON netif # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/netif b/etc/rc.d/netif index ad39f7f..7d630c5 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -26,7 +26,8 @@ # # PROVIDE: netif -# REQUIRE: atm1 cleanvar ipfilter FILESYSTEMS serial sppp sysctl +# REQUIRE: atm1 cleanvar FILESYSTEMS serial sppp sysctl +# REQUIRE: ipfilter ipfs pf ipfw # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/network_ipv6 b/etc/rc.d/network_ipv6 index d474164..381ced0 100755 --- a/etc/rc.d/network_ipv6 +++ b/etc/rc.d/network_ipv6 @@ -29,7 +29,7 @@ # # PROVIDE: network_ipv6 -# REQUIRE: routing +# REQUIRE: routing ip6fw # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/pf b/etc/rc.d/pf index f1044a3..21ce825 100755 --- a/etc/rc.d/pf +++ b/etc/rc.d/pf @@ -4,7 +4,7 @@ # # PROVIDE: pf -# REQUIRE: FILESYSTEMS netif pflog pfsync +# REQUIRE: FILESYSTEMS pflog pfsync # BEFORE: routing # KEYWORD: nojail diff --git a/etc/rc.d/pflog b/etc/rc.d/pflog index 001ad38..b6398a1 100755 --- a/etc/rc.d/pflog +++ b/etc/rc.d/pflog @@ -4,7 +4,7 @@ # # PROVIDE: pflog -# REQUIRE: FILESYSTEMS netif cleanvar +# REQUIRE: FILESYSTEMS cleanvar # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync index 8be8928..ba86154 100755 --- a/etc/rc.d/pfsync +++ b/etc/rc.d/pfsync @@ -4,7 +4,7 @@ # # PROVIDE: pfsync -# REQUIRE: FILESYSTEMS netif +# REQUIRE: FILESYSTEMS # KEYWORD: nojail . /etc/rc.subr -- cgit v1.1