On 13 Sep 2012, at 23:26, Olivier Cochard-Labbé <[email protected]> wrote:
> Hi,
> here is a little patch (tested on FreeBSD 9.1-RC1) that adds a new
> option to the kernel configuration file:
> options PF_DEFAULT_TO_DROP
>
> Without this option, with an empty pf.conf: All traffic is permitted.
> With this option enabled, with an empty pf.conf: All traffic is
> dropped by default.
>
> If the attached file is removed, you can find the patch here:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=171622
>
> Regards,
>
> Olivier
> <freebsd.pf_drop.patch>

Is there any point to this? I mean, PF has to be enabled manually anyway, so it's not like it adds any kind of default security. Worse, it could lock careless people out. People able to use this (read: who can rebuild a kernel) likely are intelligent enough to cobble up a default block rule for their pf.conf.
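For reference, a default block rule of the kind mentioned in the reply above could look like the following. This is an added example, not part of the thread or of the submitted patch; the interface name `em0` and the choice of SSH on port 22 as the management service are assumptions.

```conf
# /etc/pf.conf: default-deny ruleset (added example, not from the thread)
ext_if = "em0"            # assumed name of the external interface

set skip on lo0           # do not filter loopback traffic

# pf uses last-match semantics: this rule drops everything that no later
# "pass" rule matches, which gives the default-drop behaviour in pf.conf
# itself rather than in the kernel configuration.
block all

# Keep remote administration reachable so that loading the ruleset does
# not lock the administrator out (assumes sshd listens on port 22).
pass in on $ext_if proto tcp from any to ($ext_if) port 22 keep state

# Allow outbound connections and their replies.
pass out on $ext_if all keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the rules take effect.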
