mirror of
https://github.com/opnsense/src.git
synced 2026-05-15 18:49:57 -04:00
fae2a8cad3
Support loading a default pf ruleset in case of invalid pf.conf.
If no pf rules are loaded pf will pass/allow all traffic, assuming the
kernel is compiled without PF_DEFAULT_TO_DROP, as is the case in
GENERIC.
In other words: if there's a typo in the main pf_rules we would allow
all traffic. The new default rules minimise the impact of this.
If $pf_program (i.e. pfctl) fails to set $pf_fules and
$pf_fallback_rules_enable is YES we will load $pf_fallback_rules_file if
set, or $pf_fallback_rules.
$pf_fallback_rules can include multiple rules, for example to permit
traffic on a management interface.
$pf_fallback_rules_enable defaults to "NO", preserving historic behaviour.
man page changes by ceri@.
PR: 256410
Reviewed by: donner, kp
Sponsored by: semaphor.dk
Differential Revision: https://reviews.freebsd.org/D30791
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| rc.d | ||
| Makefile | ||
| netstart | ||
| network.subr | ||
| pccard_ether | ||
| rc | ||
| rc.bsdextended | ||
| rc.conf | ||
| rc.firewall | ||
| rc.initdiskless | ||
| rc.resume | ||
| rc.sendmail | ||
| rc.shutdown | ||
| rc.subr | ||
| rc.suspend | ||