Date: Tue, 23 Jan 2007 23:34:24 -0000
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: "'Martin Turgeon'" <turgeon.martin@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: RE: PF in kernel or as a module
Message-ID: <000001c73f47$041659b0$0c430d10$@Hennessy@nviz.net>
In-Reply-To: <45B684BD.8090706@gmail.com>

> Hi all!
>
> I would like to start a debate on this subject. Which method of
> enabling PF is the more secure (buffer overflow for example), the
> fastest, the most stable, etc. I searched the web for some info but
> without result. So I would like to know your opinion on the pros and
> cons of each method.

For production FreeBSD-based firewalls I have always built the kernel with PF.

The idea being that if something does go pear-shaped, there's a good chance
that at least the packet filter will stay operational.

OpenBSD's standard preloaded /etc/rc filter (which drops everything except
ssh & IIRC dns) would also be nice, but my understanding is that to implement
it on Free would break the startup elsewhere.

Greg
