On Tuesday 23 January 2007 22:57, Martin Turgeon wrote: > I would like to start a debate on this subject. Which method of > enabling PF is the more secure (buffer overflow for example), the > fastest, the most stable, etc. I searched the web for some info but > without result. So I would like to know your opinion on the pros and > cons of each method.
Kernel module - loaded via loader.conf - is as secure as built in. There is a slight chance, that somebody might be able to compromise the module on disk, but then they are likely to be able to write to the kernel (in the same location) as well. An additional plus is the possibility of freebsd-update if you do not have to build a custom kernel. Note that some features are only available when built in: pfsync and altq - this is not going to change for technical reasons. Performance wise there should be no difference. -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
pgpcSz5o5TGQH.pgp
Description: PGP signature
