NAME
pf.boot.conf — initial configuration for packet filter
DESCRIPTION
The pf.boot.conf file is used as initial configuration for the pf(4) packet filter. This file is loaded before the network is configured by the rc.d(8) script network. Its purpose is to protect the machine from possible attacks between the network configuration and the loading of the final ruleset.
The syntax of this file is described in pf.conf(5).
Note that at the stage the configuration is loaded, the network interface(s) do not have an IP address yet, so you cannot use rules that derive addresses from an interface (for example: “pass out from any to fxp0”).
FILES
/etc/defaults/pf.boot.conf
        Default initial ruleset file.
/etc/pf.boot.conf
        Override of the default initial ruleset file.
EXAMPLES
When using NFS (e.g. diskless situations), you'll also need the following rules in addition to the default rules to unblock NFS:

        scrub in all no-df
        pass in proto udp from any port { 111, 2049 } to any
        pass out proto udp from any to any port { 111, 2049 }
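
The restriction noted in DESCRIPTION can be checked before a ruleset is installed as pf.boot.conf. The following is an added example, not part of the original manual page or of pf: a hypothetical helper, check_boot_rules, that reports rules taking a from/to or NAT "->" address from an interface. The interface names, the sample rules other than the NFS ones above, and the helper itself are assumptions; macros such as $ext_if are not expanded and antispoof is not checked.

```shell
#!/bin/sh
# Added example (not from the manual page). Reports rules whose from/to or
# NAT "->" address is an interface name; such rules cannot resolve at boot.
# Usage: check_boot_rules IFACE... < ruleset   (exit status 1 if any found)
check_boot_rules() {
    awk -v ifaces="$*" '
    BEGIN { n = split(ifaces, a, " "); for (i = 1; i <= n; i++) isif[a[i]] = 1 }
    {
        line = $0
        sub(/#.*/, "", line)              # strip comments
        gsub(/[{}]/, " & ", line)         # braces become separate tokens
        gsub(/,/, " ", line)              # list separators
        m = split(line, tok, /[ \t]+/)
        want = 0; inlist = 0; hit = 0
        for (i = 1; i <= m; i++) {
            t = tok[i]
            if (t == "") continue
            if (!inlist && (t == "from" || t == "to" || t == "->")) {
                want = 1; continue        # next token(s) are addresses
            }
            if (!want) continue           # e.g. "on fxp0", port lists
            if (t == "{") { inlist = 1; continue }
            if (t == "}") { inlist = 0; want = 0; continue }
            if (t == "!") continue        # negation; the address follows
            gsub(/[!()]/, "", t)          # "!fxp0", "(fxp0)"
            sub(/:.*/, "", t)             # "fxp0:network"
            sub("/.*", "", t)             # "fxp0/24"
            if (t in isif) hit = 1
            if (!inlist) want = 0
        }
        if (hit) { print NR ": " $0; bad++ }
    }
    END { exit (bad > 0) }'
}

# Constructed sample: the NFS rules from this page, one harmless "on fxp0"
# rule, and two rules that take an address from fxp0.
sample_ruleset() {
    cat <<'EOF'
scrub in all no-df
pass in proto udp from any port { 111, 2049 } to any
pass out proto udp from any to any port { 111, 2049 }
pass in on fxp0 proto tcp from any to any port 22
pass out from any to fxp0
pass in from { (fxp0), 10.0.0.0/8 } to any
EOF
}
sample_ruleset | check_boot_rules fxp0 lo0 || echo "rules above need fixing"
```

Run it as `check_boot_rules fxp0 < /etc/pf.boot.conf`, substituting the machine's own interface names.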
SEE ALSO
pf(4), pf.conf(5), pfctl(8)