[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: initial pf-rules -> sysctl -> networking

To: Han Boetes <han@mijncomputer.nl>
Subject: Re: initial pf-rules -> sysctl -> networking
From: Gerber Simon <sigex@gmx.net>
Date: Sun, 02 Nov 2003 23:03:23 +0100
Cc: misc@openbsd.org
References: <20031102194243.GC32117@boetes.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3

Hi Han

The practical reason for this is that if you're increasing your kernel 
security level from 1 (default) to 2 it becomes impossible to alter the 
pf rule file. So you've to load it before the sysctls modify the kernel 
security level.

Greez Simon

Han Boetes wrote:
> Hi,
> 
> In /etc/rc first the initial pf-rules are loaded and then the sysctls
> are loaded and then networking is started.
> It seems to be more logical to first load the sysctl, then load the
> initial pf-rules and then networking is started.
> 
> So what's the practical reason for this order?
> 
> 
> 
> # Han

Follow-Ups:
- Re: initial pf-rules -> sysctl -> networking
  - From: Han Boetes <han@mijncomputer.nl>

References:
- initial pf-rules -> sysctl -> networking
  - From: Han Boetes <han@mijncomputer.nl>

Prev by Date: Re: Nested macros problem in pf.conf
Next by Date: tcptraceroute port not functioning property?
Prev by thread: Re: initial pf-rules -> sysctl -> networking
Next by thread: Re: initial pf-rules -> sysctl -> networking
Index(es):
- Date
- Thread