On 7/5/06, Lars Hansson [EMAIL PROTECTED] wrote:
On Thursday 06 July 2006 01:35, c.s.r.c.murthy wrote:
block all in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all
c.s.r.c.murthy wrote:
Hello Matthew,
block all in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
But the default blocking will go away when the
On Wed, Jul 05, 2006 at 02:36:44AM -0400, Nick Guenther wrote:
#pftcl -f all echo block all | pfctl -f -
then the switch over to the new ruleset is pretty snappy and hardly
enough time for any malicious packets to get through.
Flushing the ruleset is totally unneccessary when loading a new
* c.s.r.c.murthy [EMAIL PROTECTED] [2006-07-05 07:25]:
block all in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
then certainly you want
Hello Joachim,
Sorry I could not get on internet the answer from Alexey. Can you
please give the URL for this. Also please confirm that there is no
kernel parameter to make pf block everything by default.
Thanks in advance
murthy
Joachim Schipper wrote:
On Mon, Jul 03, 2006 at
On Tue, Jul 04, 2006 at 12:12:22PM -0700, c.s.r.c.murthy wrote:
Also please confirm that there is no kernel parameter to make pf
block everything by default.
Yes, there is no kernel parameter to make pf block everything by
default. You make pf block everything by default by putting ``block
On Tue, Jul 04, 2006 at 12:12:45PM -0700, c.s.r.c.murthy wrote:
Hello Joachim,
Sorry I could not get on internet the answer from Alexey. Can you
please give the URL for this. Also please confirm that there is no
kernel parameter to make pf block everything by default.
This has been
Hello Matthew,
block all in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
murthy
Matthew R. Dempsky wrote:
On Mon, Jul 03, 2006 at
On Thursday 06 July 2006 01:35, c.s.r.c.murthy wrote:
I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
The developers think otherwise:
http://www.benzedrine.cx/pf/msg07442.html
---
Lars Hansson
Hi,
This seems to be widely discussed problem in openbsd pf. There is no
kernel parameter that makes the pf to block all packets by default. I
have searched on the internet and found some discussion taken place in
2005 regarding this. The discussion concludes no such parameter in
kernel.
This seems to be widely discussed problem in openbsd pf. There is no
kernel parameter that makes the pf to block all packets by default. I
have searched on the internet and found some discussion taken place in
2005 regarding this. The discussion concludes no such parameter in
kernel. Are
On Mon, Jul 03, 2006 at 05:30:44PM -0700, c.s.r.c.murthy wrote:
Hi,
This seems to be widely discussed problem in openbsd pf. There is no
kernel parameter that makes the pf to block all packets by default. I
have searched on the internet and found some discussion taken place in
2005
12 matches
Mail list logo