c.s.r.c.murthy wrote:
Hello Matthew,
"block all" in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
But the default blocking will "go away when the kernel parameters are
flushed for known/unknown reasons" too. Perhaps a setting for the
network drivers so that if the pf.conf goes, and the kernel parameters
are lost it can still block packets. But hey, if the setting goes away....