On Mon, 9 Jan 2006, Olivier Mehani wrote:

> On Mon, Jan 09, 2006 at 08:37:04PM +0100, Otto Moerbeek wrote:
> > > adsl:
> > > ! sh -c "/sbin/ifconfig pflog0 up"
> >
> > As far as I remember, it's not necessary to ifconfig pflog0 up to use it.
> >
> > Why enable pf only when the link is up? It's non-standard and
> > potentially dangerous. You're better off using the standard way of
> > enabling pf.
>
> However non standard, I don't clearly see the potential danger in this. Can
> you elaborate?

- There's a race between getting the net up and pf being enabled. That
  means there's a moment in time when you are not protected.

- Assume that sometimes things go wrong. You make a typo in pf.conf, for
  example. What would happen if you reboot?

	-Otto