Re: pf options in kernel
Date: Wed, 16 Nov 2022 00:58:51 UTC
On Tue, Nov 15, 2022 at 10:00:48PM +0100, Kristof Provost wrote:
>Configure this in your pf.conf file, not as a kernel option.
>
>There’s at least one known bug with PF_DEFAULT_TO_DROP: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477

Thanks, noted.

>As a general rule you should avoid custom kernel options whenever it’s
>remotely possible.

I've always thought having a kernel trimmed to only what is required, from a security standpoint, diminishes the attack surface. Is this not the case?

--