| Field | Value | Date |
|---|---|---|
| author | Nicolás Fort <95703796+nicolas-fort@users.noreply.github.com> | 2024-08-17 05:23:09 -0300 |
| committer | GitHub <noreply@github.com> | 2024-08-17 09:23:09 +0100 |
| commit | 1831fb6d973a4471e70038bb5efef901075b2caa (patch) | |
| tree | 3e94b22692dd46842dab29682a0c4e765e9c604a | |
| parent | 5410ab6dcc6bcbd153ab324c44c3aba060698f10 (diff) | |
| download | vyos-documentation-1831fb6d973a4471e70038bb5efef901075b2caa.tar.gz, vyos-documentation-1831fb6d973a4471e70038bb5efef901075b2caa.zip | |
Firewall: add warning message, saying that during boot, all interfaces are loaded before firewall. (#1524)
-rw-r--r-- | docs/configuration/firewall/index.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 9f21a772..a5b88839 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -4,6 +4,11 @@ Firewall ######## +.. warning:: Due to a race condition that can lead to a failure during boot + process, all interfaces are initialized before firewall is configured. This + leads to a situation where the system is open to all traffic, and can be + considered as a security risk. + As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of |
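Review bot: the new `.. warning::` block tells the reader that every interface is brought up before the firewall is configured and that the system is therefore open to all traffic, but it gives nothing actionable: no statement of how long that window lasts, no reference to where the race condition is tracked (the commit title cites #1524, which is this documentation change itself, not the underlying bug), and no recommended mitigation if one exists. Consider adding one sentence that links the tracking issue and states whether operators can shorten or close the window, so the admonition does not read as a bare disclaimer. Minor wording in the added lines: "during boot process" should be "during the boot process", "before firewall is configured" should be "before the firewall is configured", and "can be considered as a security risk" reads better as "should be considered a security risk". Also confirm that the continuation lines under `.. warning::` are indented consistently (three spaces, matching the directive body) so Sphinx renders them as part of the admonition rather than as a separate paragraph.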