Date:      Tue, 23 Jan 2007 23:34:24 -0000
From:      "Greg Hennessy" <>
To:        "'Martin Turgeon'" <>
Subject:   RE: PF in kernel or as a module
Message-ID:  <000001c73f47$041659b0$0c430d10$>
In-Reply-To: <>
References:  <>

> Hi all!
> I would like to start a debate on this subject. Which method of enabling
> PF is the more secure (buffer overflow for example), the fastest, the
> most stable, etc. I searched the web for some info but without result.
> So I would like to know your opinion on the pros and cons of each
> method.

For production FreeBSD-based firewalls I have always built the kernel with
PF. The idea being that if something does go pear-shaped, there's a good
chance that at least the packet filter will stay operational.

OpenBSD's standard preloaded /etc/rc filter (which drops everything except
ssh & IIRC DNS) would also be nice, but my understanding is that to
implement it on Free would break the startup elsewhere.
