Date: Wed, 12 Jul 2023 20:38:35 +0200 From: Kristof Provost <kp@FreeBSD.org> To: void <void@f-m.fm> Cc: freebsd-hackers@freebsd.org Subject: Re: dis/advantages of compiling in-kernel over kldload Message-ID: <F94E719F-C1BE-48C4-882D-AF42E3350ACB@FreeBSD.org> In-Reply-To: <ZK7mnohS12eEYoV2@int21h> References: <ZK7mnohS12eEYoV2@int21h>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12 Jul 2023, at 19:45, void wrote: > (for context this is on recent -current) > > in man(4) pf we have > > SYNOPSIS > device pf > options PF_DEFAULT_TO_DROP > > no real mention if it being loaded in rc.conf. > > But when it is loaded in (just) rc.conf with pf_enable=3DYES > it gets loaded as a kld. > Is there an advantage in compiling it in the kernel? > Is there a disadvantage in it being compiled in the kernel? > I strongly recommend that people stick with the GENERIC config, and ideal= ly just use the builds the project releases. Any deviation from that means you=E2=80=99re running a configuration that= =E2=80=99s less tested than the default. There may be good reasons to do so, but know that our warranty policy is = =E2=80=9CIf you break it you get to keep all of the pieces=E2=80=9D. For example, PF_DEFAULT_TO_DROP is know to be broken in at least some sce= narios: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237477 Best regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F94E719F-C1BE-48C4-882D-AF42E3350ACB>