Date: Wed, 9 Apr 2025 15:48:11 +0800
From: Zhenlei Huang <zlei@FreeBSD.org>
To: Robert Austen <robert.austen@willowglensystems.com>
Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, Kristof Provost <kp@FreeBSD.org>, Cy Schubert <cy@freebsd.org>
Subject: Re: pfil_default_to_drop
Message-ID: <AE3D71CF-AF58-4F79-AF5C-6CD159C138D5@FreeBSD.org>
In-Reply-To: <QB1PPF4C719E46A03770B2C7622042A91B6EFB52@QB1PPF4C719E46A.CANPRD01.PROD.OUTLOOK.COM>
References: <YT2PPFD8040D4DA15FF1002CDBF5DE22C41EFAA2@YT2PPFD8040D4DA.CANPRD01.PROD.OUTLOOK.COM> <YT2PPFD8040D4DA456DB44A9D2934D49D21EFAA2@YT2PPFD8040D4DA.CANPRD01.PROD.OUTLOOK.COM> <YT2PPFD8040D4DADEDA66317A6B3E7928C9EFAA2@YT2PPFD8040D4DA.CANPRD01.PROD.OUTLOOK.COM> <274BB159-3CB5-49E0-84E7-A3F4B81BFDC1@FreeBSD.org> <QB1PPF4C719E46A03770B2C7622042A91B6EFB52@QB1PPF4C719E46A.CANPRD01.PROD.OUTLOOK.COM>

> On Apr 9, 2025, at 1:01 AM, Robert Austen <robert.austen@willowglensystems.com> wrote:
>
> I respectfully disagree.
>
> PF_DEFAULT_TO_DROP has no effect if pfctl does not perform its ioctl call to enable itself, i.e. to apply any hooks.
> if pfctl fails, then the hooks are left unhooked, and EVERYTHING defaults to PASS, which is not what most people would intend using PF_DEFAULT_TO_DROP.

Ahh, I see your problem. Yes, you're right. pf(4) requires ioctl ( DIOCSTART ) or netlink command to enable it.

@Kristof Maybe we also want a loader tunable to enable pf(4) on load ?

>
> consider this: until pf or ipf or ipfw makes an ioctl to hook themselves, the pfil layer in the kernel has no idea what the filter will be,
> assuming there even is one. thus PF_DEFAULT_TO_DROP has zero effect (and likewise the equivalents from the other filters).

As for ipfw(4), by default it enables filtering on load, unless you disable it via loader tunable `net.inet.ip.fw.enable`, `net.inet6.ip6.fw.enable` and `net.link.ether.ipfw`.

The compile option IPFIREWALL_DEFAULT_TO_ACCEPT or loader tunable `net.inet.ip.fw.default_to_accept` controls the default behavior to drop or accept.
See also https://cgit.freebsd.org/src/commit/?id=5f17ebf94db5ebbc7fdcff60e598498df6f9e2bd .

>
> as I said, this is because there's no mechanism within PFIL to drop by default, which is why I proposed (and am using on my system) the PFIL_DEFAULT_TO_DROP,
> because it handles ALL of the 'no filter installed (yet)' cases. if PFIL_DEFAULT_TO_DROP isn't in the kernel config file, my patches have no effect at all,
> so it's a simple mechanism for those that want more than PF_DEFAULT_TO_DROP can ever provide.

It appears ipf(4) unconditionally enables filtering on load, and does not have any tunables to control that. CC @Cy who is more familiar with ipf(4).

>
> thanks!
> From: Zhenlei Huang <zlei@FreeBSD.org>
> Sent: April 7, 2025 7:55 PM
> To: Robert Austen <robert.austen@willowglensystems.com>
> Cc: freebsd-current@freebsd.org <freebsd-current@freebsd.org>; freebsd-net@freebsd.org <freebsd-net@freebsd.org>; Kristof Provost <kp@FreeBSD.org>
> Subject: Re: pfil_default_to_drop
>
>> On Apr 8, 2025, at 6:36 AM, Robert Austen <robert.austen@willowglensystems.com> wrote:
>>
>> From: Robert Austen <robert.austen@willowglensystems.com>
>> Sent: April 7, 2025 4:33 PM
>> To: freebsd-current@freebsd.org <freebsd-current@freebsd.org>; freebsd-net@freebsd.org <freebsd-net@freebsd.org>
>> Subject: Fw: pfil_default_to_drop
>>
>> From: Robert Austen
>> Sent: April 7, 2025 4:21 PM
>> To: freebsd-current@freebsd.org <freebsd-current@freebsd.org>
>> Subject: pfil_default_to_drop
>>
>> Hello,
>> I've been playing with FreeBSD and PF to build myself a new firewall, as Open/FreeBSD + PF seems to be a common starting point.
>>
>> I've noticed a number of people asking questions about PF_DEFAULT_TO_DROP and the like, with the observations that it's hard
>> to ensure that packets all default to drop if the rule file(s) for whatever reason fail to load.
>
> Hi Robert,
>
> So why not define the compile option PF_DEFAULT_TO_DROP, and preload pf.ko ( via the loader(8), /boot/loader.conf ) ?
>
> With 13.5, or upcoming 14.3 ( you can also experiment with the latest stable/14 ), you can turn the loader tunable net.pf.default_to_drop to 1, and preload pf.ko.
> See also https://cgit.freebsd.org/src/commit/?id=c531c1d1462c45f7ce5de4f9913226801f3073bd .
>
>>
>> After looking thru the online documentation, forums and scripts, I came to the conclusion that it's not a PF problem or IPFW etc
>> or really a problem with any of the filters or scripts, the problem is at the level of PFIL, the kernel packet filtering code: If no
>> filter is loaded, i.e. if the heads are unhooked, then PFIL sends everything thru to its destination. So my thought
>> was to add an option PFIL_DEFAULT_TO_DROP (in essence a PFIL version of PF_DEFAULT_TO_DROP) that drops all the
>> IPv4 and IPv6 packets that would otherwise go thru the yet-to-be-loaded chosen filter (PF or whatever) at any given time the
>> hooks are unhooked.
>
> If no firewalls are loaded, then the system should behave as is. I do not think PFIL_DEFAULT_TO_DROP is the right way to handle your case.
>
>>
>> [No one filters on local loopback nor the link layer, so I've left those hooks untouched. I suppose one could add them,
>> maybe PFIL_DEFAULT_LOCAL_TO_DROP or PFIL_DEFAULT_LINK_TO_DROP, but I doubt there's much demand for it.]
>>
>> Normally I'm an embedded linux kernel basher.
>> I'm not entirely sure where to send this patch. Most of the threads asking the above PF questions are closed to changes,
>> so that doesn't seem a good place. Sir Dice seems to be a common answerer of questions; I would have sent it to him/her
>> if I could...
>>
>> I'm not a user of GIT, so I'm not sure how to submit a "GIT formatted patch"...
>> I've simply diff -rdpNU 5 a copy of the @old folder with a copy of @new folder. The code was written against FreeBSD-14.1-RELEASE-amd64,
>> but I suspect the kernel code in the networking core doesn't change much from platform to platform, or version to version.
>>
>> But it works, it's pretty simple, pretty small and so just in case it might be useful, I'm passing it along.
>>
>> thanks!
>>
>> Robert
>>
>> <FreeBSD-14.1-RELEASE-amd64-pfil_default_to_drop.patch.zip>
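
The gap discussed in this thread (default-to-drop configured, but pf never started, so nothing is filtered) can be checked for from a monitoring job. The following is an added example, not part of the original message and not FreeBSD project code. The function names and sample files are constructed for illustration, and it assumes the `pf_load` knob in /boot/loader.conf and a `Status:` first line in `pfctl -s info` output.

```shell
#!/bin/sh
# Added example: detect the "pf configured to drop but never enabled" state.
# Inputs are plain text files so the logic can be exercised on constructed
# samples; on a FreeBSD host, pass /boot/loader.conf and a file holding the
# output of `pfctl -s info`.

# loader_value FILE NAME
# Prints the last value assigned to NAME in a loader.conf-style file
# (NAME="value" or NAME=value). Prints an empty line if NAME is not set.
loader_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/[ \t]*#.*$/, "", line)          # strip trailing comment
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)               # drop surrounding quotes
            if (key == name) found = val
        }
        END { print found }
    ' "$1"
}

# pf_status FILE
# Prints "enabled", "disabled" or "unknown" from saved `pfctl -s info` output.
# "unknown" covers an empty file, e.g. pfctl failed or pf.ko is not loaded.
pf_status() {
    awk '
        /^Status:/ {
            s = tolower($2)
            if (s == "enabled" || s == "disabled") { print s; found = 1; exit }
        }
        END { if (!found) print "unknown" }
    ' "$1"
}

# audit_pf LOADER_CONF PFCTL_INFO
# Prints one verdict and returns 0 only when pf is running with the
# boot-time settings suggested in the thread.
audit_pf() {
    pf_load=$(loader_value "$1" pf_load)
    pf_drop=$(loader_value "$1" net.pf.default_to_drop)
    pf_state=$(pf_status "$2")

    # The case raised in the thread: without DIOCSTART pf is not filtering,
    # so the default-to-drop setting has no effect on traffic.
    if [ "$pf_state" != "enabled" ]; then
        echo "fail-open:pf-not-enabled"
        return 1
    fi
    case "$pf_load" in
        [Yy][Ee][Ss]) ;;
        *) echo "gap:pf-not-preloaded"; return 1 ;;
    esac
    if [ "$pf_drop" != "1" ]; then
        echo "gap:default-to-drop-unset"
        return 1
    fi
    echo "default-drop-active"
}

# write_samples DIR
# Writes constructed sample inputs (not captured from a real host).
write_samples() {
    dir=$1
    cat > "$dir/loader.conf" <<'EOF'
# constructed sample loader.conf
pf_load="YES"
net.pf.default_to_drop="1"   # tunable named in the thread
EOF
    cat > "$dir/pfctl_enabled.txt" <<'EOF'
Status: Enabled for 0 days 00:03:12           Debug: Urgent
EOF
    cat > "$dir/pfctl_disabled.txt" <<'EOF'
Status: Disabled                              Debug: Urgent
EOF
    : > "$dir/pfctl_failed.txt"   # pfctl produced no output at all
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in pfctl_enabled.txt pfctl_disabled.txt pfctl_failed.txt; do
    verdict=$(audit_pf "$demo_dir/loader.conf" "$demo_dir/$f" || true)
    printf '%s -> %s\n' "$f" "$verdict"
done
rm -rf "$demo_dir"
```

A non-zero return from `audit_pf` is the condition to alert on; the same loader.conf yields different verdicts depending only on whether pf reports itself enabled.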
text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">I've noticed a number of people = asking questions about PF_DEFAULT_TO_DROP and the like, with the = observations that it's hard</div><div class=3D"" style=3D"font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; text-decoration: none; = direction: ltr; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">to ensure that packets all default to drop if the rule file(s) = for whatever reason fail to load. </div></div></blockquote><div = class=3D""><br class=3D""></div><div class=3D"">Hi Robert,</div><div = class=3D""><br class=3D""></div><div class=3D"">So why not defining the = compile option PF_DEFAULT_TO_DROP, and preload <span class=3D"" = style=3D"">pf.ko ( via the loader(8), </span><span class=3D"" = style=3D"">/boot/loader.conf ) ?</span></div><div class=3D""><span = class=3D"" style=3D""><br class=3D""></span></div><div class=3D""><font = class=3D"">With 13.5, or upcoming 14.3 ( you can also experiment = latest stable/14 ), you can<span = class=3D"Apple-converted-space"> </span></font><span class=3D"" = style=3D"">turn the loader tunable net.pf.default_to_drop to 1, = and </span><span class=3D"" style=3D"">preload </span><span = class=3D"" style=3D"">pf.ko.</span></div><div class=3D"">See = also <a = href=3D"https://cgit.freebsd.org/src/commit/?id=3Dc531c1d1462c45f7ce5de4f9= 913226801f3073bd" = class=3D"">https://cgit.freebsd.org/src/commit/?id=3Dc531c1d1462c45f7ce5de= 4f9913226801f3073bd</a> .</div><div class=3D""><br = class=3D""></div><blockquote type=3D"cite" class=3D""><div class=3D""><div= class=3D"" style=3D"font-style: 
normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; font-family: = Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, = sans-serif; font-size: 12pt;"><br class=3D""></div><div class=3D"" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; font-family: Aptos, = Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; = font-size: 12pt;">After looking thru the online documentation, forums = and scripts, I came to the conclusion that it's not a PF problem or IPFW = etc</div><div class=3D"" style=3D"font-style: normal; font-variant-caps: = normal; font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; font-family: = Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, = sans-serif; font-size: 12pt;">or really a problem with any of the = filters or scripts, the problem is at the level of PFIL, the kernel = packet filtering code: If no</div><div class=3D"" style=3D"font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; text-decoration: none; = direction: ltr; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">filter is loaded, i.e. if the heads are unhooked, then PFIL = sends<span class=3D"x_Apple-converted-space"> </span><b = class=3D"">everything</b> thru to its destination. 
So my = thought </div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">was to add an option = PFIL_DEFAULT_TO_DROP (in essence a PFIL version of PF_DEFAULT_TO_DROP) = that drops all the</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">IPv4 and IPv6 packets that = would otherwise go thru the yet-to-be-loaded chosen filter (PF or = whatever) at any given time the </div><div class=3D"" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; font-family: Aptos, = Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; = font-size: 12pt;">hooks are = unhooked. </div></div></blockquote><div class=3D""><br = class=3D""></div><div class=3D"">If no firewalls loaded, then the system = should behave as is. 
I do not think PFIL_DEFAULT_TO_DROP is the = right way to handle your case.</div><br class=3D""><blockquote = type=3D"cite" class=3D""><div class=3D""><div class=3D"" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; font-family: Aptos, = Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; = font-size: 12pt;"><br class=3D""></div><div class=3D"" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; font-family: Aptos, = Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; = font-size: 12pt;">[No one filters on local loopback nor the link layer, = so I've left those hooks untouched. 
I suppose one could add = them,</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">maybe = PFIL_DEFAULT_LOCAL_TO_DROP or PFIL_DEFAULT_LINK_TO_DROP, but I doubt = there's much demand for it.]</div><div class=3D"" style=3D"font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; text-decoration: none; = direction: ltr; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;"><br class=3D""></div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">Normally I'm an embedded linux = kernel basher.</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">I'm not entirely sure where to send this patch. 
Most of the = threads asking the above PF questions are closed to changes,</div><div = class=3D"" style=3D"font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; text-align: left; margin: 0px; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">so that doesn't seem a good = place. Sir Dice seems to be a common answerer of questions; I would have = sent it to him/her </div><div class=3D"" style=3D"font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">if I could...</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;"><br class=3D""></div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">I'm not a user of GIT, so I'm = not sure how to submit a "GIT formatted patch"...</div><div class=3D"" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; 
text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; font-family: Aptos, = Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; = font-size: 12pt;">I've simply diff -rdpNU 5 a copy of the @old folder = with a copy of @new folder. The code was written against = FreeBSD-14.1-RELEASE-amd64,</div><div class=3D"" style=3D"font-style: = normal; font-variant-caps: normal; font-weight: 400; letter-spacing: = normal; text-align: start; text-indent: 0px; text-transform: none; = white-space: normal; word-spacing: 0px; text-decoration: none; = direction: ltr; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">but I suspect the kernel code in the networking core doesn't = change much from platform to platform, or version to version.</div><div = class=3D"" style=3D"font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; text-align: left; margin: 0px; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;"><br class=3D""></div><div = class=3D"" style=3D"font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; text-align: left; margin: 0px; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;">But it works, it's pretty = simple, pretty small and so just in case it might be useful, I'm passing = it along.</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; 
= word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;"><br class=3D""></div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">thanks!</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;"><br class=3D""></div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;"><br class=3D""></div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; text-align: = left; margin: 0px; font-family: Aptos, Aptos_EmbeddedFont, = Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: = 12pt;">Robert</div><div class=3D"" style=3D"font-style: normal; = font-variant-caps: normal; font-weight: 400; letter-spacing: normal; = text-align: start; text-indent: 0px; 
text-transform: none; white-space: = normal; word-spacing: 0px; text-decoration: none; direction: ltr; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;"><br class=3D""></div><div = class=3D"" style=3D"font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; text-align: left; margin: 0px; = font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, = Helvetica, sans-serif; font-size: 12pt;"><br class=3D""></div><div = class=3D"" style=3D"font-style: normal; font-variant-caps: normal; = font-weight: 400; letter-spacing: normal; text-align: start; = text-indent: 0px; text-transform: none; white-space: normal; = word-spacing: 0px; text-decoration: none; direction: ltr; font-family: = Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, = sans-serif; font-size: 12pt;"><br class=3D""></div><div class=3D"" = style=3D"font-style: normal; font-variant-caps: normal; font-weight: = 400; letter-spacing: normal; text-align: start; text-indent: 0px; = text-transform: none; white-space: normal; word-spacing: 0px; = text-decoration: none; direction: ltr; font-family: Aptos, = Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; = font-size: 12pt;"><br class=3D""></div><span = id=3D"x_cid:EF978BA5-1323-4E87-B14E-03A449683C8A" = class=3D""><FreeBSD-14.1-RELEASE-amd64-pfil_default_to_drop.patch.zip&g= t;</span></div></blockquote></div></div></div></div></blockquote></div><br= class=3D""><div class=3D""> <div><br class=3D""></div> </div> <br class=3D""></body></html>= --Apple-Mail=_26061429-F0E0-4E6E-861C-1085C0A47FDE--
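An added example, not part of the original messages and not FreeBSD project code: a small audit of the two conditions this thread turns on, namely that pf.ko is preloaded with `net.pf.default_to_drop` set in `/boot/loader.conf`, and that pf has actually been enabled at runtime. The function names are hypothetical, `pf_load="YES"` is assumed as the loader.conf preload line, and the status check assumes the `Status:` line printed by `pfctl -s info`.

```sh
#!/bin/sh
# Added example (hypothetical helper names). Inputs are passed as files so the
# checks can be exercised offline against saved copies.

# Print the last value assigned to variable $1 in loader.conf-style file $2.
# Comments are ignored, surrounding double quotes stripped, later lines win.
loader_value() {
    awk -v key="$1" '
        { sub(/[ \t]*#.*$/, "") }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)
            if (name == key) last = val
        }
        END { print last }
    ' "$2"
}

# Succeeds only if pf.ko is preloaded and the default action is drop.
boot_config_fail_closed() {
    [ "$(loader_value pf_load "$1" | tr 'a-z' 'A-Z')" = "YES" ] &&
    [ "$(loader_value net.pf.default_to_drop "$1")" = "1" ]
}

# Reads `pfctl -s info` output on stdin; succeeds only if pf reports Enabled.
# A disabled pf means its pfil hooks are not in place, so packets pass.
pf_enabled() {
    awk '$1 == "Status:" { found = 1; ok = ($2 == "Enabled") }
         END { exit !(found && ok) }'
}

# $1 = loader.conf path, $2 = file holding saved `pfctl -s info` output.
# Prints one line per failed condition and returns non-zero if any failed.
audit() {
    rc=0
    boot_config_fail_closed "$1" ||
        { echo "boot: pf.ko not preloaded with default_to_drop=1"; rc=1; }
    pf_enabled < "$2" ||
        { echo "runtime: pf is not enabled, traffic is passing unfiltered"; rc=1; }
    return $rc
}

# Typical use on a live system:
#   pfctl -s info > /tmp/pfinfo && audit /boot/loader.conf /tmp/pfinfo
```

Running the audit from a periodic job or monitoring agent turns a failed rule load into an alert rather than a silent pass-everything state.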