Bug 211928

Summary: [pf] /etc/rc.d/pf should REQUIRE routing
Product: Base System
Reporter: Robert Schulze <rs>
Component: conf
Assignee: freebsd-rc (Nobody) <rc>
Status: New ---
Severity: Affects Only Me
Keywords: patch
Priority: ---
Version: 11.2-RELEASE
Hardware: Any
OS: Any
Attachment: /etc/rc.d/pf: move routing to REQUIRE (Flags: none)

Description Robert Schulze 2016-08-17 09:10:27 UTC
Created attachment 173767
/etc/rc.d/pf: move routing to REQUIRE

When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in /etc/pf.conf, these hostnames cannot be resolved via external nameservers because the default route is not yet set. This results in an empty (all open) ruleset.

Fix: move routing from BEFORE to REQUIRE.

Since r195026 already put netif back to REQUIRE, this change does not affect the issue that the firewall should rather have been set up _before_ any network traffic can occur.

with kind regards,
Robert Schulze
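
The ordering effect described in the report, as an added example that is not part of the bug report or the attached patch: a minimal model of how rcorder-style REQUIRE and BEFORE keywords decide whether pf starts before or after routing, built on `tsort`. The three headers are constructed and simplified (each script is assumed to provide only its own name); they are not the real /etc/rc.d files.

```shell
#!/bin/sh
# Minimal model of rcorder dependency keywords (added example).
# Input lines on stdin: "<script> PROVIDE:|REQUIRE:|BEFORE: name..."
# Assumption: every script provides exactly its own name.

# Turn header lines into "earlier later" pairs for tsort.
rc_edges() {
    awk '
        # "a a" tells tsort the node exists without adding a constraint.
        $2 == "PROVIDE:" { print $1, $1 }
        # REQUIRE: each listed name must start before this script.
        $2 == "REQUIRE:" { for (i = 3; i <= NF; i++) print $i, $1 }
        # BEFORE: this script must start before each listed name.
        $2 == "BEFORE:"  { for (i = 3; i <= NF; i++) print $1, $i }
    '
}

# Print the resulting start order as one space-separated line.
rc_order() {
    rc_edges | tsort | xargs
}

# Constructed headers matching the report: netif in REQUIRE, routing in BEFORE.
order_before_fix() {
    rc_order <<'EOF'
netif PROVIDE: netif
routing REQUIRE: netif
pf REQUIRE: netif
pf BEFORE: routing
EOF
}

# Constructed headers with the proposed change: routing moved to REQUIRE.
order_after_fix() {
    rc_order <<'EOF'
netif PROVIDE: netif
routing REQUIRE: netif
pf REQUIRE: netif routing
EOF
}

# pf loads its rules before the default route exists:
echo "before fix: $(order_before_fix)"
# pf loads its rules once routing is up, so hostnames can resolve:
echo "after fix:  $(order_after_fix)"
```

On a FreeBSD host, `rcorder /etc/rc.d/*` prints the real start order for the installed scripts.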