Diffusion FreeBSD src repository c531c1d1462c

pf: Convert PF_DEFAULT_TO_DROP into a vnet loader tunable 'net.pf.
c531c1d1462c
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

pf: Convert PF_DEFAULT_TO_DROP into a vnet loader tunable 'net.pf.default_to_drop'

7f7ef494f11d introduced a compile time option PF_DEFAULT_TO_DROP to make
the pf(4) default rule to drop. While this change exposes a vnet loader
tunable 'net.pf.default_to_drop' so that users can change the default
rule without re-compiling the pf(4) module.

This change is similiar to that for IPFW [1].

5f17ebf94db5 Convert IPFW_DEFAULT_TO_ACCEPT into a loader tunable 'net.inet.ip.fw.default_to_accept'

Reviewed by: network, kp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D39866

Details

Provenance

zlei	Authored on Sep 22 2023, 10:05 AM

Reviewer

Differential Revision

D39866: pf: Introduce a new vnet loader tunable net.pf.default_to_drop

Parents

rG36468371ce95: pkgbase: Fix ucl for libcompiler_rt

Branches

Unknown

Tags

Unknown

Event Timeline

zlei committed rGc531c1d1462c: pf: Convert PF_DEFAULT_TO_DROP into a vnet loader tunable 'net.pf. (authored by zlei).Sep 22 2023, 10:05 AM

zlei added an edge: D39866: pf: Introduce a new vnet loader tunable net.pf.default_to_drop.Sep 22 2023, 10:10 AM

zlei mentioned this in rG1117b3204873: pf.4: Bump .Dd.Sep 26 2023, 4:02 AM

Changes (2)

Path

Size

share/

man/

man4/

sys/

netpfil/

pf/

rGc531c1d1462c

share/man/man4/pf.4

Loading...

sys/netpfil/pf/pf_ioctl.c

Loading...