Re: pf options in kernel
- Reply: void : "Re: pf options in kernel"
- In reply to: void : "pf options in kernel"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 15 Nov 2022 21:00:48 UTC
On 15 Nov 2022, at 21:47, void wrote: > Is there any advantage to having > device pf > options PF_DEFAULT_TO_DROP > > built into the kernel, over having > > "set block-policy drop" in /etc/pf.conf and "pf_enable="YES"" in /etc/rc.conf?0 > Configure this in your pf.conf file, not as a kernel option. There’s at least one known bug with PF_DEFAULT_TO_DROP: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477 As a general rule you should avoid custom kernel options whenever it’s remotely possible. Kristof