diff options
| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2012-09-18 11:07:19 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2012-09-18 11:07:19 +0000 |
| commit | 7f7ef494f11d89442977cc4a1d7ed733cce88300 (patch) | |
| tree | 850ca5ee6c126d9d8eeb9a52cd2a3ea035c7201e /share/man/man4/pf.4 | |
| parent | 1d6139c0e41a4c029e9ba073b41f4402f571f5a6 (diff) | |
| download | src-7f7ef494f11d89442977cc4a1d7ed733cce88300.tar.gz src-7f7ef494f11d89442977cc4a1d7ed733cce88300.zip | |
Provide kernel compile time option to make pf(4) default rule to drop.
This is important to secure a small timeframe at boot time, when
network is already configured, but pf(4) is not yet.
PR: kern/171622
Submitted by: Olivier Cochard-LabbИ <olivier cochard.me>
Notes
Notes:
svn path=/head/; revision=240642
Diffstat (limited to 'share/man/man4/pf.4')
| -rw-r--r-- | share/man/man4/pf.4 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index 635078dbee24..f290a9b6d268 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 29 2012 +.Dd September 18 2012 .Dt PF 4 .Os .Sh NAME @@ -36,6 +36,7 @@ .Nd packet filter .Sh SYNOPSIS .Cd "device pf" +.Cd "options PF_DEFAULT_TO_DROP" .Sh DESCRIPTION Packet filtering takes place in the kernel. A pseudo-device, @@ -94,6 +95,15 @@ Read only .Xr sysctl 8 variables with matching names are provided to obtain current values at runtime. +.Sh KERNEL OPTIONS +The following options in the kernel configuration file are related to +.Nm +operation: +.Pp +.Bl -tag -width ".Dv PF_DEFAULT_TO_DROP" -compact +.It Dv PF_DEFAULT_TO_DROP +Change default policy to drop by default +.El .Sh IOCTL INTERFACE .Nm supports the following |