Updated: 2022/Sep/29

PF.BOOT.CONF(5)               File Formats Manual              PF.BOOT.CONF(5)

     pf.boot.conf - initial configuration for packet filter

     The pf.boot.conf file is used as initial configuration for the pf(4)
     packet filter.  This file is loaded before the network is configured by
     the rc.d(8) script network.  Its purpose is to protect the machine from
     possible attacks between the network configuration and the loading of the
     final ruleset.

     The syntax of this file is described in pf.conf(5).

     Note that at the stage the configuration is loaded, the network
     interface(s) do not have an IP address yet, so you cannot use rules that
     derive addresses from an interface (for example: "pass out from any to

     /etc/defaults/pf.boot.conf  Default initial ruleset file.
     /etc/pf.boot.conf           Override of the default initial ruleset file.

     When using NFS (e.g. diskless situations), you'll also need the following
     rules in addition to the default rules to unblock NFS:

           scrub in all no-df
           pass in proto udp from any port { 111, 2049 } to any
           pass out proto udp from any to any port { 111, 2049 }
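
     The note above about interface-derived addresses can be checked before
     reboot. The following lint is an added example, not part of the NetBSD
     manual or rc.d scripts. The function name lint_pf_boot and the optional
     interface-name list are assumptions of this example, and flagging the
     parenthesised "(ifname)" form as well is its conservative choice.

```shell
#!/bin/sh
# Added example: flag pf.boot.conf rules whose from/to address is taken
# from an interface, which has no IP address yet when this file is loaded.
# Usage: lint_pf_boot FILE ["ifname ifname ..."]
# Prints "LINENO: rule" per offending rule; returns 1 if any were found.
lint_pf_boot() {
    awk -v ifs="${2:-}" '
    # Caller-supplied interface names (assumption: needed to spot bare names).
    BEGIN { n = split(ifs, t, " "); for (k = 1; k <= n; k++) isif[t[k]] = 1 }

    # Interface-derived forms: "(ifname)", "ifname:modifier", or a bare
    # name that appears in the caller-supplied list.
    function derived(a) {
        gsub(/[{},!]/, "", a)          # drop list punctuation and negation
        if (a == "") return 0
        if (a ~ /^\(.+\)$/) return 1
        if (a ~ /^[a-z]+[0-9]*(:(network|broadcast|peer|0))+(\/[0-9]+)?$/) return 1
        return (a in isif)
    }

    { sub(/#.*/, "") }                 # strip comments
    NF == 0 { next }
    {
        for (i = 1; i < NF; i++) {
            if ($i != "from" && $i != "to") continue
            j = i + 1
            inlist = ($j ~ /^\{/)      # brace list or a single address
            while (j <= NF) {
                if (derived($j)) { print NR ": " $0; bad = 1; next }
                if (!inlist || $j ~ /\}/) break
                j++
            }
        }
    }
    END { exit bad }
    ' "$1"
}
```

     The NFS rules shown above pass this check, since they use only "any"
     and port numbers.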

     pf(4), pf.conf(5), pfctl(8)

NetBSD 9.99                     August 17, 2005                    NetBSD 9.99