Date: Wed, 24 Jan 2007 01:53:25 +0100
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: PF in kernel or as a module
Message-ID: <200701240153.30454.max@love2party.net>
In-Reply-To: <45B684BD.8090706@gmail.com>
References: <45B684BD.8090706@gmail.com>

On Tuesday 23 January 2007 22:57, Martin Turgeon wrote:
> I would like to start a debate on this subject. Which method of
> enabling PF is the more secure (buffer overflow for example), the
> fastest, the most stable, etc. I searched the web for some info but
> without result. So I would like to know your opinion on the pros and
> cons of each method.

Kernel module - loaded via loader.conf - is as secure as built in. There is a
slight chance that somebody might be able to compromise the module on disk,
but then they are likely to be able to write to the kernel (in the same
location) as well. An additional plus is the possibility of freebsd-update if
you do not have to build a custom kernel.

Note that some features are only available when built in: pfsync and altq -
this is not going to change for technical reasons.

Performance-wise there should be no difference.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
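
The two setups compared in the reply above, as an added configuration sketch that is not part of the original message. The file locations, knob names and kernel option names are the standard FreeBSD ones and are assumed here, not quoted from the thread; the ALTQ scheduler lines are a sample selection.

```conf
# --- Option A: PF as a module on a stock GENERIC kernel -------------------
# /boot/loader.conf
pf_load="YES"        # loader pulls in pf.ko alongside the kernel at boot;
                     # the module sits in the same directory as the kernel,
                     # so it shares the kernel's on-disk exposure

# /etc/rc.conf
pf_enable="YES"      # load the ruleset from /etc/pf.conf at startup

# --- Option B: PF built in, via a custom kernel configuration file --------
# Needed for the features the message lists as built-in only (pfsync, altq).
device  pf
device  pflog
device  pfsync       # state-table synchronisation
options ALTQ         # queueing framework used by PF queue rules
options ALTQ_CBQ     # sample schedulers; enable the ones the ruleset uses
options ALTQ_HFSC
options ALTQ_PRIQ
```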
