
PF startup on OpenBSD 3.6

When OpenBSD starts up (and pf is enabled), it first installs a simple configuration using rules buried in "/etc/rc". Once that configuration is established, the configuration from "/etc/pf.conf" is then installed.

The initial configuration (assuming there is no NFS) allows only outgoing domain requests. If your pf.conf file uses DNS names, those names must be resolved by your DNS server. If you have a name server inside the firewall and some of these names are external to your organization, then the name server must forward these requests on to external name servers. The "/etc/rc" pf configuration blocks these requests and OpenBSD does not boot.

I suggest a minor change which would solve the problem: rather than "/etc/rc.conf" just allowing "pf=YES" or "pf=NO", allow it to be pf="nameserver1_ip nameserver2_ip" as well, and the rules in "/etc/rc" would have added rules to allow passing of domain requests from any of the listed IP addresses.

Another possibility is to just use the addresses in "/etc/resolv.conf".
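
The two suggestions above (a list of name server addresses in the pf setting, or the addresses from "/etc/resolv.conf"), sketched as an added example that is not part of the original post and not OpenBSD's "/etc/rc" code. The function names, the IPv4-only validation and the exact rule text are assumptions; values that are not plain addresses are rejected so that free text from a configuration file never becomes rule text.

```shell
# Added illustration: derive early-boot DNS pass rules from a list of
# name server addresses. All names and the rule text are assumptions.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
	case "$1" in
	""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.
	set -- $1
	IFS=$old_ifs
	[ $# -eq 4 ] || return 1
	for octet in "$@"; do
		[ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
	done
}

# Print the nameserver values from a resolv.conf-format file, one per line.
resolv_nameservers() {
	while read -r key value _rest; do
		[ "$key" = "nameserver" ] && printf '%s\n' "$value"
	done < "$1"
	return 0
}

# Emit one pass rule per valid address. Anything else is reported on
# stderr and skipped; the function then returns 1.
boot_dns_rules() {
	rc=0
	for addr in "$@"; do
		if is_ipv4 "$addr"; then
			printf 'pass in proto { tcp, udp } from %s to any port 53 keep state\n' "$addr"
		else
			printf 'rejected: %s\n' "$addr" >&2
			rc=1
		fi
	done
	return $rc
}

# Interpret the proposed rc.conf value: YES and NO keep their meaning,
# anything else is read as a space-separated list of addresses.
rules_for_pf_setting() {
	case "$1" in
	YES|NO) return 0 ;;
	*) set -f; set -- $1; set +f; boot_dns_rules "$@" ;;
	esac
}
```

Calling `rules_for_pf_setting "192.0.2.53 198.51.100.53"` (constructed addresses) prints two pass rules; `boot_dns_rules $(resolv_nameservers /etc/resolv.conf)` covers the second suggestion.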