Date: Tue, 15 Nov 2022 22:00:48 +0100
From: Kristof Provost <kp@FreeBSD.org>
To: void <void@f-m.fm>
Cc: freebsd-hackers@freebsd.org
Subject: Re: pf options in kernel
Message-ID: <066FCA78-CDC6-4178-AAE1-6F9FD8A665CB@FreeBSD.org>
In-Reply-To: <Y3P69NuvWOhxdmux@openbsd.local>
On 15 Nov 2022, at 21:47, void wrote:

> Is there any advantage to having
> device pf
> options PF_DEFAULT_TO_DROP
>
> built into the kernel, over having
>
> "set block-policy drop" in /etc/pf.conf and "pf_enable="YES"" in /etc/rc.conf?
>

Configure this in your pf.conf file, not as a kernel option. There’s at least one known bug with PF_DEFAULT_TO_DROP:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477

As a general rule you should avoid custom kernel options whenever it’s remotely possible.

Kristof
