From e3051bd60b845a4008d4f033446ee1e718f9989b Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 15 Jul 2022 15:46:32 +0200
Subject: [PATCH] boot: apply default firewall policy before interface configuration, preventing possible accessibility of local services during the boot process. Although the risk of misuse is likely rather small, we better drop traffic if we don't know what should be allowed yet. Our default policy should take care of standard loopback behaviour, so the impact of this change should be relatively small.
---
 src/etc/rc.bootup | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/etc/rc.bootup b/src/etc/rc.bootup
index d93639d23..3253db16c 100755
--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -88,6 +88,9 @@ system_hostname_configure(true);
 system_hosts_generate(true);
 system_syslog_start(true);
+/* apply default policy before interface setup */
+filter_configure_sync(true, false);
+
 interfaces_configure(true);
 system_resolvconf_generate(true);
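Review bot: The added `filter_configure_sync(true, false);` call is the fail-closed step of this change, but nothing in the hunk checks that the policy actually loaded before `interfaces_configure(true);` runs right after it. Its definition is outside this patch, so this needs confirming, but if it can fail or return early, boot would continue into interface setup with the exposure the commit is meant to close; logging that failure would at least make it visible. The bare `false` is also opaque at the call site, so I would widen the comment to something like `/* apply default (drop) policy before interfaces exist; second argument false = <meaning, confirm against the function signature>; full ruleset is expected to be loaded later in boot */`. The rest of the boot sequence is outside the hunk, so whether a later full filter reload replaces this early policy should be verified.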