Re: boot order (bringing up interfaces and ipf)
On Sun, Jul 01, 2001 at 11:40:28PM -0500, ryc wrote:
> The behavior that I desire is to block packets coming in on ne0 (the
> internet interface) to the port X. I don't want to block any other traffic.
> The reason I want to block these packets is to provide extra security
> against people from the outside accessing my services (such as database
> servers, proxies, etc.). The problem is that at the time the ipf rules are
> loaded ne0 does not have an IP address and ipf won't load the rule. Any other
> suggestions?

So what don't you like about this rule?

  block return-rst in log quick on ne0 proto tcp from any to any port = X

It blocks port "X" coming in over ne0, nothing else, and does not
depend on ne0 having an IP address.
--
Crist J. Clark cjclark@alum.mit.edu