pfil revision 7c478bd95313f5f23a4c958a745db2134aa03244
#
# ident "%Z%%M% %I% %E% SMI"
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Autopush pfil on to filtering interfaces and restrict
# network traffic during startup
#
case "$1" in
'start')
# To avoid a window of vulnerability during the time that networking
# is being initialized but before the full ipf.conf configuration is
# loaded, install a temporary, restrictive rule set now, early in
# boot. This gets replaced by the contents of ipf.conf when the
# mounted, the window of vulnerability still exists because we can't
# run the ipf command this early.
echo "pass out from any to any port = 53 keep state" \
fi
;;
*)
echo "Usage: $0 start"
exit 1
;;
esac
exit 0