Date: Tue, 15 Nov 2022 22:00:48 +0100
From: Kristof Provost <kp@FreeBSD.org>
To: void <void@f-m.fm>
Cc: freebsd-hackers@freebsd.org
Subject: Re: pf options in kernel
Message-ID: <066FCA78-CDC6-4178-AAE1-6F9FD8A665CB@FreeBSD.org>
In-Reply-To: <Y3P69NuvWOhxdmux@openbsd.local>
References: <Y3P69NuvWOhxdmux@openbsd.local>

On 15 Nov 2022, at 21:47, void wrote:
> Is there any advantage to having
>
> device pf
> options PF_DEFAULT_TO_DROP
>
> built into the kernel, over having
>
> "set block-policy drop" in /etc/pf.conf and "pf_enable="YES"" in /etc/rc.conf?
>

Configure this in your pf.conf file, not as a kernel option.
There’s at least one known bug with PF_DEFAULT_TO_DROP: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237477

As a general rule you should avoid custom kernel options whenever it’s remotely possible.

Kristof