From e1319722db694d16ad54e5531c5dd606ae0dd0fa Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Thu, 15 Aug 2024 14:42:40 -0300 Subject: [PATCH] Firewall: add warning message, saying that during boot, all interfaces are loaded before firewall. --- docs/configuration/firewall/index.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 9f21a7728f..a5b88839bf 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -4,6 +4,11 @@ Firewall ######## +.. warning:: Due to a race condition that can lead to a failure during boot + process, all interfaces are initialized before firewall is configured. This + leads to a situation where the system is open to all traffic, and can be + considered as a security risk. + As VyOS is based on Linux it leverages its firewall. The Netfilter project created iptables and its successor nftables for the Linux kernel to work directly on packet data flows. This now extends the concept of
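Review bot: the added `.. warning::` tells the reader the system is open to all traffic during boot but gives no guidance on how to act on that: consider stating whether there is a recommended mitigation (or explicitly that none is available) and whether the exposure ends as soon as the firewall configuration is applied, since a security warning without an action or a bound on the window is hard to use. Minor wording in the same block: "during boot process" should read "during the boot process" and "before firewall is configured" should read "before the firewall is configured".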