>
> If you must do this then please consider adding a /boot/loader.conf setting
> instead of kernel configuration option. The option could be read only on
> running system or dependent on securelevel(7).
>
+1
Greg
___
freebsd-pf@freebsd.org mailin
On Fri, Sep 14, 2012 at 7:51 PM, Damien Fleuriot wrote:
>
> On 13 Sep 2012, at 23:26, Olivier Cochard-Labbé wrote:
>
>> Hi,
>> here is a little patch (tested on FreeBSD 9.1-RC1) that add a new
>> option to the kernel configuration file:
>> options PF_DEFAULT_TO_DROP
>>
>> Without this option, wit
On 13 Sep 2012, at 23:26, Olivier Cochard-Labbé wrote:
> Hi,
> here is a little patch (tested on FreeBSD 9.1-RC1) that add a new
> option to the kernel configuration file:
> options PF_DEFAULT_TO_DROP
>
> Without this option, with an empty pf.conf: All traffic are permit.
> With this option ena
On Thu, Sep 13, 2012 at 11:26:48PM +0200, Olivier Cochard-Labb? wrote:
O> Hi,
O> here is a little patch (tested on FreeBSD 9.1-RC1) that add a new
O> option to the kernel configuration file:
O> options PF_DEFAULT_TO_DROP
O>
O> Without this option, with an empty pf.conf: All traffic are permit.
O>
