
pf security - is pf failsafe if config file invalid?

Hi, I've been directed here from a FreeBSD newsgroup about this
question. I've checked the archives, but found nothing relevant.

Background: I'm upgrading to FreeBSD 6.0-release and want to move from
ipf to pf to get the extra flexibility pf offers.

However, I have concerns about the security of pf at system startup and
when the config file is unusable. In my present /ipf/ setup, the kernel
itself is configured to block packets by default, so until ipf starts
successfully and unblocks things, the machine (which is the
gateway/firewall to my home LAN) is guaranteed secure. In particular,
if the config file fails to load for any reason, the firewall fails to
a secure mode.

As far as I can see with pf though, the system is wide open until the
pf config file is loaded successfully. Ordinarily, pf would be started
before any services, so it shouldn't normally matter. But under fault
conditions, and in particular should the pf config file be unusable for
any reason, it seems that my firewall could be wide open, unnoticed,
for an indefinite period.

Could anyone offer advice please, and perhaps set my mind at rest?
Thanks in advance for any comments.

various incoming sites blocked because of spam; see 
http://www.scottsonline.org.uk for a list and openpgp crypto key
(key fingerprint 2ACC 9F21 5103 F68C 7C32 9EA8 C949 81E1 31C9 1364)
[email protected]    Mike Scott, Harlow, Essex, England
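
One way to handle the invalid-config case raised in the message above, as an added example that is not part of the original post: a wrapper that parses the ruleset with `pfctl -n` first and loads a block-everything ruleset if the real one cannot be loaded. The function name, the `PFCTL` override variable, the `--apply` switch and the emergency ruleset are assumptions of this example; it does not cover the interval before the script runs at boot.

```shell
#!/bin/sh
# Added example: fail-closed loader for pf rulesets.
# PFCTL can be overridden for testing (assumption of this example);
# the pfctl flags used here (-n, -f, -e) are the standard ones.
PFCTL="${PFCTL:-pfctl}"

# Emergency ruleset, constructed for this example: drop all traffic.
# Note that this also blocks loopback until a valid ruleset is loaded.
FAILSAFE_RULES='block all'

# load_pf_failsafe CONF
#   returns 0 if CONF parsed and was loaded,
#           1 if CONF was unusable and the emergency ruleset was loaded,
#           2 if no ruleset could be loaded at all (pfctl itself failed).
load_pf_failsafe() {
    conf="$1"
    # -n parses the file without loading it, so a syntax error is caught
    # before the running ruleset is touched.
    if [ -r "$conf" ] \
        && $PFCTL -nf "$conf" >/dev/null 2>&1 \
        && $PFCTL -f "$conf" >/dev/null 2>&1; then
        result=0
    elif printf '%s\n' "$FAILSAFE_RULES" | $PFCTL -f - >/dev/null 2>&1; then
        # Missing, unreadable or invalid config: fall back to blocking.
        result=1
    else
        return 2
    fi
    # Make sure pf is actually enabled; ignore "already enabled".
    $PFCTL -e >/dev/null 2>&1 || true
    return "$result"
}

# Stand-alone use: sh pf_failsafe.sh --apply [path-to-pf.conf]
if [ "${1:-}" = "--apply" ]; then
    load_pf_failsafe "${2:-/etc/pf.conf}"
fi
```

A non-zero return is the signal to alert on, since the gateway is then either blocking everything or running without a loaded ruleset.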