On Tue, Jul 04, 2006 at 12:12:22PM -0700, c.s.r.c.murthy wrote:
> Also please confirm that there is no kernel parameter to make pf
> block everything by default.
Yes, there is no kernel parameter to make pf block everything by
default. You make pf block everything by default by putting ``block
all'' at the appropriate place in your pf.conf file.
This is spelt out for you in the pf.conf(5) man page:
To block everything by default and only pass packets that match
explicit rules, one uses
block all
as the first filter rule.
