summaryrefslogtreecommitdiff
path: root/docs/configuration
diff options
context:
space:
mode:
Diffstat (limited to 'docs/configuration')
-rw-r--r--docs/configuration/firewall/index.rst5
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst
index 9f21a772..a5b88839 100644
--- a/docs/configuration/firewall/index.rst
+++ b/docs/configuration/firewall/index.rst
@@ -4,6 +4,11 @@
Firewall
########
+.. warning:: Due to a race condition that can lead to a failure during boot
+ process, all interfaces are initialized before firewall is configured. This
+ leads to a situation where the system is open to all traffic, and can be
+ considered as a security risk.
+
As VyOS is based on Linux it leverages its firewall. The Netfilter project
created iptables and its successor nftables for the Linux kernel to
work directly on packet data flows. This now extends the concept of