Date: Tue, 23 Jan 2007 23:34:24 -0000
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: "'Martin Turgeon'" <turgeon.martin@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: RE: PF in kernel or as a module
Message-ID: <000001c73f47$041659b0$0c430d10$@Hennessy@nviz.net>
In-Reply-To: <45B684BD.8090706@gmail.com>
References: <45B684BD.8090706@gmail.com>

> Hi all!
>
> I would like to start a debate on this subject. Which method of enabling
> PF is the more secure (buffer overflow for example), the fastest, the
> most stable, etc. I searched the web for some info but without result.
> So I would like to know your opinion on the pros and cons of each
> method.

For production FreeBSD based firewalls I have always built the kernel with PF. The idea being that if something does go pear shaped, there's a good chance that at least the packet filter will stay operational.

OpenBSD's standard pre loaded /etc/rc filter (which drops everything except ssh & IIRC dns) would also be nice, but my understanding is that to implement it on Free would break the startup elsewhere.

Greg