Hello Matthew,
"block all" in pf.conf is ok, but it will go away when the rules are
flushed for known/unknown reasons. I feel it is desirable to have a
kernel parameter that does default blocking when all rules are flushed.
murthy
Matthew R. Dempsky wrote:
> On Mon, Jul 03, 2006 at 05:30:21PM -0700, c.s.r.c.murthy wrote:
>
>> This seems to be widely discussed problem in openbsd pf. There is no
>>kernel parameter that makes the pf to block all packets by default.
>
>
> Is something wrong with just putting ``block all'' in pf.conf?
[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a
name of murthy.3064DEFANGED-vcf]
