
Re: pf security - is pf failsafe if config file invalid?



On 15 Nov 2005 at 18:40, Daniel Hartmeier wrote:
..
> It's worse than you suspect. If the pfctl binary is corrupt or missing
> and fails to run, pf won't ever get enabled at all. Forget about the
> fact that an empty ruleset means a default-pass policy. That's
I didn't say an /empty/ ruleset. I said /no/ ruleset. It's different.
> irrelevant, all packets will pass because pf simply isn't filtering at
> all in that case ;)
..
> And if you're worried about a corrupted shutdown binary failing, exit
> the rc script. At this point, no local daemons are started and the
> kernel isn't forwarding IP because sysctl.conf hasn't been read yet.
Which doesn't protect the firewall machine itself, if I understand 
correctly.
> And you can't seriously consider using a packet filter that loads as
> kernel module, either. What if the kernel module file gets lost? The
> system fails open.
Not currently an issue, as ipf is statically linked into my kernel, and 
set to block by default. I believe that's pretty well bomb-proof. I'm 
not even sure, come to think of it, that /pf/ can be statically linked 
into the FreeBSD kernel; I know that's not a pf issue particularly, but 
is still another nail in the coffin, so to speak, from my perspective.
-- 
various incoming sites blocked because of spam; see 
http://www.scottsonline.org.uk for a list and openpgp crypto key
(key fingerprint 2ACC 9F21 5103 F68C 7C32 9EA8 C949 81E1 31C9 1364)
[email protected]    Mike Scott, Harlow, Essex, England
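The thread turns on three distinct failure modes: pfctl missing (nothing can enable pf, the box boots open), the ruleset failing to parse (pf may end up enabled with no rules, which passes everything), and the rc script simply carrying on after either. The rc fragment below is an added example, not code from the thread or from OpenBSD/FreeBSD; it shows the order of checks Daniel's reply implies. The function name `pf_failsafe_load`, its return codes, and the one-line block-all fallback ruleset are my assumptions; the pfctl flags used (`-n`, `-f`, `-f -`, `-e`, `-s info`) are the documented ones.

```shell
#!/bin/sh
# Added example (not from the original mail): a fail-closed pf loader for
# an rc script. Helper name, return codes and fallback rules are assumptions.

# Constructed fallback ruleset: when /etc/pf.conf is unusable, block
# everything rather than let an empty ruleset default to pass.
PF_FALLBACK_RULES='block all'

pf_failsafe_load() {
    pfctl_bin=$1   # e.g. /sbin/pfctl
    pf_conf=$2     # e.g. /etc/pf.conf

    # 1. If pfctl is missing or not executable, pf can never be enabled
    #    from userland, so refuse to continue instead of booting open.
    if [ ! -x "$pfctl_bin" ]; then
        echo "pf: $pfctl_bin missing or not executable, refusing to continue" >&2
        return 1
    fi

    # 2. Parse-only check (-n) of the ruleset before touching the kernel.
    if "$pfctl_bin" -n -f "$pf_conf"; then
        rules_ok=1
    else
        echo "pf: $pf_conf failed to parse, loading block-all fallback" >&2
        rules_ok=0
    fi

    # 3. Load the real ruleset, or feed the block-all fallback via stdin.
    if [ "$rules_ok" -eq 1 ]; then
        "$pfctl_bin" -f "$pf_conf" || return 2
    else
        printf '%s\n' "$PF_FALLBACK_RULES" | "$pfctl_bin" -f - || return 2
    fi

    # 4. Enable pf unless it already is: pfctl -e exits non-zero with
    #    "pf already enabled", so check the status line first.
    if ! "$pfctl_bin" -s info | grep -q '^Status: Enabled'; then
        "$pfctl_bin" -e || return 3
    fi
    return 0
}

# Intended use from rc, before any daemon starts or forwarding is enabled:
#   pf_failsafe_load /sbin/pfctl /etc/pf.conf || exit 1
```

Returning non-zero and letting the rc script `exit 1` is what "exit the rc script" in the thread amounts to: later daemons and the `net.inet.ip.forwarding` sysctl never run, which limits exposure of the network behind the box but, as Mike notes, does nothing for services already listening on the firewall itself. The fallback in step 3 only helps when the config is bad and pfctl is intact; if the binary is gone there is nothing userland can do, which is the thread's real point.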