Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?

Daniel Hartmeier <daniel@xxxxxxxxxxxxx> writes:

On Mon, Jul 17, 2006 at 01:36:01AM +0300, Giorgos Keramidas wrote:

I haven't verified that this is the _only_ change needed to make PF
block everything by default, but having it as a compile-time option
which defaults to block everything would be nice, right?

Sure, when FreeBSD's default becomes to compile pf into the kernel or load
it by BTX, that makes sense. Otherwise it doesn't.

What do you mean with default?

None of the the firewalls available with FreeBSD (ipfw, ipf, pf) is
part of the GENERIC Kernel. But many users will compile the firewall
of their choise into their CUSTOM kernels.

For ipfw and ipf this can be done either with "default to accept" or
"default to deny" ploicy by adding the option


to the custom kernel configruation file.

freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

    ... > Many users who build custom kernels do not build modules, ... > want to compile everything they need into the kernel ... of the concequenses. ...
  • make dev problems
    ... I need to compile a kernel with IPFW on a remote machine running ... Stop*** Error code 2 ...
  • Re: HP C compiler questions.
    ... Come version 3, the offerings on ... The new C compiler can't handle K&R, it also can't flag it. ... You should compile with +M0 before going to IPF. ...
  • Re: ipfw security patch problem..
    ... > I upgraded my ipfw yesterday on my 4.0-STABLE system with the patch by ... > following the instructions to the letter for the security bug discovered ... You have to compile ipfw, compile a new kernel, ...
  • Re: solaris router/firewall
    ... > Wouldnt it be about time for someone to compile that Howto? ... There is some excellent material on ipf with Solaris and other systems ...