* c.s.r.c.murthy <[EMAIL PROTECTED]> [2006-07-05 07:25]:
> "block all" in pf.conf is ok, but it will go away when the rules are
> flushed for known/unknown reasons. I feel it is desirable to have a
> kernel parameter that does default blocking when all rules are flushed.
then certainly you
On Wed, Jul 05, 2006 at 02:36:44AM -0400, Nick Guenther wrote:
> #pftcl -f all && echo "block all" | pfctl -f -
> then the switch over to the new ruleset is pretty snappy and hardly
> enough time for any malicious packets to get through.
Flushing the ruleset is totally unneccessary when loading a
c.s.r.c.murthy wrote:
Hello Matthew,
"block all" in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
But the default blocking will "go away when th
On 7/5/06, Lars Hansson <[EMAIL PROTECTED]> wrote:
On Thursday 06 July 2006 01:35, c.s.r.c.murthy wrote:
> "block all" in pf.conf is ok, but it will go away when the rules are
> flushed for known/unknown reasons. I feel it is desirable to have a
> kernel parameter that does default blocking when
On Wed, Jul 05, 2006 at 10:35:15AM -0700, c.s.r.c.murthy wrote:
> "block all" in pf.conf is ok, but it will go away when the rules are
> flushed for known/unknown reasons. I feel it is desirable to have a
> kernel parameter that does default blocking when all rules are flushed.
A patch is
On Thursday 06 July 2006 01:35, c.s.r.c.murthy wrote:
>I feel it is desirable to have a
> kernel parameter that does default blocking when all rules are flushed.
The developers think otherwise:
http://www.benzedrine.cx/pf/msg07442.html
---
Lars Hansson
Hello Matthew,
"block all" in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
murthy
Matthew R. Dempsky wrote:
> On Mon, Jul 03, 2006 at 05:
On Tue, Jul 04, 2006 at 12:12:45PM -0700, c.s.r.c.murthy wrote:
> Hello Joachim,
> Sorry I could not get on internet the answer from Alexey. Can you
> please give the URL for this. Also please confirm that there is no
> kernel parameter to make pf block everything by default.
This has bee
On 7/4/06, c.s.r.c.murthy <[EMAIL PROTECTED]> wrote:
Joachim Schipper wrote:
> On Mon, Jul 03, 2006 at 05:30:44PM -0700, c.s.r.c.murthy wrote:
>
>>Hi,
>>This seems to be widely discussed problem in openbsd pf. There is no
>>kernel parameter that makes the pf to block all packets by default.
On Tue, Jul 04, 2006 at 12:12:22PM -0700, c.s.r.c.murthy wrote:
> Also please confirm that there is no kernel parameter to make pf
> block everything by default.
Yes, there is no kernel parameter to make pf block everything by
default. You make pf block everything by default by putting ``block
Hello Joachim,
Sorry I could not get on internet the answer from Alexey. Can you
please give the URL for this. Also please confirm that there is no
kernel parameter to make pf block everything by default.
Thanks in advance
murthy
Joachim Schipper wrote:
> On Mon, Jul 03, 2006 at 05:30
On Mon, Jul 03, 2006 at 05:30:44PM -0700, c.s.r.c.murthy wrote:
> Hi,
> This seems to be widely discussed problem in openbsd pf. There is no
> kernel parameter that makes the pf to block all packets by default. I
> have searched on the internet and found some discussion taken place in
> 2005
12 matches
Mail list logo
