author | glebius <glebius@FreeBSD.org> | 2012-09-18 11:07:19 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2012-09-18 11:07:19 +0000 |
commit | df8f63316940a8bb3f78ae2c2ab1aafc1a690204 (patch) | |
tree | 850ca5ee6c126d9d8eeb9a52cd2a3ea035c7201e /share/man/man4/pf.4 | |
parent | c3ead4d7df91f96b5c4796a2d0742c691e9bf5cb (diff) | |
Provide kernel compile time option to make pf(4) default rule to drop.
This is important to secure a small timeframe at boot time, when
network is already configured, but pf(4) is not yet.
PR: kern/171622
Submitted by: Olivier Cochard-Labbé <olivier cochard.me>
Diffstat (limited to 'share/man/man4/pf.4')
-rw-r--r-- | share/man/man4/pf.4 | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/share/man/man4/pf.4 b/share/man/man4/pf.4 index 635078d..f290a9b 100644 --- a/share/man/man4/pf.4 +++ b/share/man/man4/pf.4 @@ -28,7 +28,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 29 2012 +.Dd September 18 2012 .Dt PF 4 .Os .Sh NAME @@ -36,6 +36,7 @@ .Nd packet filter .Sh SYNOPSIS .Cd "device pf" +.Cd "options PF_DEFAULT_TO_DROP" .Sh DESCRIPTION Packet filtering takes place in the kernel. A pseudo-device, @@ -94,6 +95,15 @@ Read only .Xr sysctl 8 variables with matching names are provided to obtain current values at runtime. +.Sh KERNEL OPTIONS +The following options in the kernel configuration file are related to +.Nm +operation: +.Pp +.Bl -tag -width ".Dv PF_DEFAULT_TO_DROP" -compact +.It Dv PF_DEFAULT_TO_DROP +Change default policy to drop by default +.El .Sh IOCTL INTERFACE .Nm supports the following |
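Review bot: In the first hunk, the new `.Dd September 18 2012` line has no comma after the day. mdoc's documented date form is "Month day, year", so this is a good moment to write `.Dd September 18, 2012` rather than carry over the comma-less style of the line being replaced.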
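Review bot: In the new KERNEL OPTIONS section, the text under `.It Dv PF_DEFAULT_TO_DROP` ("Change default policy to drop by default") repeats "default", has no closing period, and does not say what the option is for. The commit message gives the reason: the window at boot when the network is already configured but pf(4) is not. The manual page is where an administrator will look for that. Suggest something like "Make the default rule drop packets, so that traffic is blocked from the time the network is configured until a ruleset is loaded." A short note that a kernel built with this option drops traffic until a ruleset is loaded would also help, since this differs from the behaviour without the option.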