Date:      Mon, 17 Jul 2006 10:25:37 +0200
From:      Harald Muehlboeck <home@clef.at>
To:        Daniel Hartmeier <daniel@benzedrine.cx>
Cc:        freebsd-security@freebsd.org, freebsd-pf@freebsd.org
Subject:   Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
Message-ID:  <86hd1ghc3i.fsf@tuha.clef.at>
In-Reply-To: <20060717023700.GF3240@insomnia.benzedrine.cx> (Daniel Hartmeier's message of "Mon, 17 Jul 2006 04:37:00 +0200")
References:  <44B7715E.8050906@suutari.iki.fi> <20060714154729.GA8616@psconsult.nl> <44B7D8B8.3090403@suutari.iki.fi> <20060716182315.GC3240@insomnia.benzedrine.cx> <86y7utgt0o.fsf@xps.des.no> <20060716214456.GE3240@insomnia.benzedrine.cx> <20060716223601.GA5039@gothmog.pc> <20060717023700.GF3240@insomnia.benzedrine.cx>

Daniel Hartmeier <daniel@benzedrine.cx> writes:

> On Mon, Jul 17, 2006 at 01:36:01AM +0300, Giorgos Keramidas wrote:
>
>> I haven't verified that this is the _only_ change needed to make PF
>> block everything by default, but having it as a compile-time option
>> which defaults to block everything would be nice, right?
>
> Sure, when FreeBSD's default becomes to compile pf into the kernel or load
> it by BTX, that makes sense. Otherwise it doesn't.

What do you mean by default?

None of the firewalls available with FreeBSD (ipfw, ipf, pf) is
part of the GENERIC kernel. But many users will compile the firewall
of their choice into their CUSTOM kernels.

For ipfw and ipf this can be done either with a "default to accept" or
a "default to deny" policy by adding the option

options    IPFIREWALL_DEFAULT_TO_DENY
or
options    IPFILTER_DEFAULT_BLOCK

to the custom kernel configuration file.



