
Re: pf security - is pf failsafe if config file invalid?



--On November 15, 2005 10:25:44 AM -0700 "Eric S. Pulley"
<[email protected]> wrote:
> --On November 15, 2005 3:32:11 PM +0000 mike scott
> <[email protected]> wrote:
> 
>> On 15 Nov 2005 at 8:58, Peter N. M. Hansteen wrote:
>> ..
>>> The OpenBSD /etc/rc has this code to initialize PF before any
>>> interfaces are up:
>>> 
>>> if [ "X${pf}" != X"NO" ]; then
>>>         RULES="block all"
>>>         RULES="$RULES\npass on lo0"
>> ....
>>>         echo $RULES | pfctl -f - -e
>>> fi
>>> 
>> And if, for any reason whatsoever, pfctl fails to run? The system 
>> remains wide open.
>> 
>> Yes, that would be an entirely abnormal circumstance. But I have
>> for example had one freebsd crash ever(!); but this caused minor
>> disk corruption losing a strange set of files. It could have been
>> pfctl among them. It seems to me that a firewall needs to be
>> designed to fail safe as far as is possible.
>> 
>> I'm no kernel code writer. But surely, somewhere in the depths of
>> the pf code there's currently a decision made rather like:
>> if( got rules )
>> 	obey rules
>> else
>> 	pass packet.
>> 
>> It can't be rocket science to make the 'pass' a 'block' in which
>> case everything is entirely watertight in the event of virtually
>> /any/ system fault bar kernel corruption. And it can't be too much
>> harder to make this a compiled-in option, which would keep happy
>> the paranoid, while allowing those who want remote log-in on
>> failure to do so.
>> 
>> Sorry to labour the point; maybe I'm a lone voice, but I'm a lone
>> voice that feels very strongly about this issue.
 
Sorry about that everyone.  Didn't mean to repeat same idea.  Hit
Send instead of Cancel...
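The thread's concern is the gap between the /etc/rc snippet quoted above and the "fail safe" behaviour mike asks for: /etc/rc pipes a default-deny ruleset into pfctl but does not act on pfctl's exit status, so a missing or broken pfctl leaves the host open once interfaces come up. The following is an added example, not OpenBSD's /etc/rc and not code from anyone in the thread: a small POSIX sh loader that builds the same "block all / pass on lo0" ruleset, checks whether pfctl actually loaded it, and tells the caller to keep interfaces down when it did not. The loader command is a parameter (so a stand-in can be substituted when exercising it), `printf '%b'` is used instead of `echo` to expand the `\n` escapes portably, and the function and variable names are this example's own.

```sh
#!/bin/sh
# Added example (not OpenBSD's /etc/rc): a boot-time PF loader that fails
# closed. If pfctl cannot be run or rejects the rules, the caller is told
# not to bring interfaces up, instead of continuing with an open system.

# Build the same default-deny ruleset /etc/rc starts with. printf '%b'
# expands the \n escapes portably (an assumption; the original uses echo).
default_ruleset() {
    RULES="block all"
    RULES="$RULES\npass on lo0"
    printf '%b\n' "$RULES"
}

# Load the ruleset through $1 (defaults to pfctl; a parameter so that the
# function can be exercised with a stand-in command). Returns non-zero when
# the loader cannot be executed (e.g. missing binary, exit status 127) or
# rejects the rules, so "command not found" counts as failure, not success.
load_default_rules() {
    pfctl_cmd="${1:-pfctl}"
    if default_ruleset | "$pfctl_cmd" -f - -e; then
        return 0
    fi
    return 1
}

# Boot-time decision: only report "safe to configure interfaces" when the
# default-deny ruleset is known to be in place. Returns 0 (continue) or
# 1 (stay isolated) so the caller can stop before netstart runs.
pf_boot_gate() {
    if load_default_rules "${1:-pfctl}"; then
        echo "pf: default-deny ruleset loaded; interfaces may be configured"
        return 0
    fi
    echo "pf: failed to load default-deny ruleset; leaving interfaces down" >&2
    return 1
}

# Usage at boot, before interfaces are configured:
#   pf_boot_gate || exit 1
```

This only closes the user-space half of the problem (a pfctl that is absent, corrupt, or rejects the rules); whether the kernel passes or blocks traffic when no ruleset has ever been loaded is the separate decision mike describes, and a script cannot change it.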