Patch for adding "options PF_DEFAULT_TO_DROP" to kernel configuration file
Andreas Rudisch
cyb. at gmx.net
Thu Sep 13 22:19:31 UTC 2012
On Thu, 13 Sep 2012 23:26:48 +0200
Olivier Cochard-Labbé <olivier at cochard.me> wrote:
> Hi,
> here is a little patch (tested on FreeBSD 9.1-RC1) that adds a new
> option to the kernel configuration file:
> options PF_DEFAULT_TO_DROP
>
> Without this option, with an empty pf.conf: All traffic is permitted.
> With this option enabled, with an empty pf.conf: All traffic is
> dropped by default.
I really do not think that such a patch is needed. A simple 'block all'
in pf.conf will do the same, so why add code and recompile the kernel?
Also if you are setting up a remote server you probably do not want to
_not_ be able to access it.
Andreas
--
GnuPG key : 0x2A573565 | http://www.gnupg.org/howtos/de/
Fingerprint: 925D 2089 0BF9 8DE5 9166 33BB F0FD CD37 2A57 3565