Date: Wed, 12 Jul 2023 20:38:35 +0200 From: Kristof Provost <kp@FreeBSD.org> To: void <void@f-m.fm> Cc: freebsd-hackers@freebsd.org Subject: Re: dis/advantages of compiling in-kernel over kldload Message-ID: <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org> In-Reply-To: <ZK7mnohS12eEYoV2@int21h> References: <ZK7mnohS12eEYoV2@int21h>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12 Jul 2023, at 19:45, void wrote: > (for context this is on recent -current) > > in man(4) pf we have > > SYNOPSIS > device pf > options PF_DEFAULT_TO_DROP > > no real mention if it being loaded in rc.conf. > > But when it is loaded in (just) rc.conf with pf_enable=YES > it gets loaded as a kld. > Is there an advantage in compiling it in the kernel? > Is there a disadvantage in it being compiled in the kernel? > I strongly recommend that people stick with the GENERIC config, and ideally just use the builds the project releases. Any deviation from that means you’re running a configuration that’s less tested than the default. There may be good reasons to do so, but know that our warranty policy is “If you break it you get to keep all of the pieces”. For example, PF_DEFAULT_TO_DROP is know to be broken in at least some scenarios: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477 Best regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F94E719F-C1BE-48C4-882D-AF42E3350ACB>