Date:      Wed, 12 Jul 2023 21:51:47 +0200
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        freebsd-hackers@freebsd.org
Subject:   Re: dis/advantages of compiling in-kernel over kldload
Message-ID:  <e913ae94-6f9a-13e1-5a0e-9051a1356218@quip.cz>
In-Reply-To: <ZK75GyQCxE1YzEav@int21h>
References:  <ZK7mnohS12eEYoV2@int21h> <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org> <ZK75GyQCxE1YzEav@int21h>


On 12/07/2023 21:03, void wrote:

[..]

> What I'd like to achieve is the following:
> 
> If pf fails to load its ruleset, allow ssh from only this safe IP range 
> and block everything else.

Take a look into /etc/defaults/rc.conf or man rc.conf for some examples 
of pf_fallback variables. You can define a simple rule or a special file to 
load when your main ruleset (pf.conf) fails to load at boot time.

Enable fallback
pf_fallback_rules_enable="YES"

and then use one of these
pf_fallback_rules="block drop log all"
pf_fallback_rules_file="/etc/pf-fallback.conf"

Kind regards
Miroslav Lachman
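
An added example, not part of the original message: one possible /etc/pf-fallback.conf for the goal quoted above (ssh from a safe range only, everything else blocked). The 192.0.2.0/24 range is a documentation placeholder for the real safe range, and port 22 is assumed for sshd.

```conf
# /etc/pf-fallback.conf -- constructed example, loaded only when pf.conf
# fails to load and pf_fallback_rules_enable="YES" is set in /etc/rc.conf
# together with pf_fallback_rules_file="/etc/pf-fallback.conf".
#
# Keep this file free of anything that can itself fail at boot:
# no hostnames (DNS may not be up yet), no table files, no includes,
# no interface names that might be missing. Literal addresses only.

# Placeholder: replace with the trusted management range.
safe_net = "192.0.2.0/24"

# Do not filter loopback traffic.
set skip on lo0

# Default deny in both directions, with logging to pflog.
block drop log all

# Allow inbound ssh from the safe range only. The rule is stateful,
# so replies of the session pass without a separate outbound rule.
pass in quick inet proto tcp from $safe_net to any port 22

# Syntax check without loading the rules:
#   pfctl -nf /etc/pf-fallback.conf
```

Run the syntax check after every edit, since a fallback file that does not parse gives no protection when it is needed.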



