PF Enabled by Default in OpenBSD-current

“As seen here,
PF is now enabled by default. The default pf.conf will now pass in all
traffic, except for TCP port 6000 normally used by remote-X11. By having the X server still listen on port 6000 but let PF block incoming packets that aren’t coming from localhost you can still use local X sessions that needs to talk to the TCP port or runs through a port forward from remote, but at the same time don’t expose your machine on the network. Recent changes to PF, like having packet reassembly enabled on all packets by default, will now help clean incoming traffic.”

4 Comments

  1. 2009-06-09 11:15 pm
    • 2009-06-10 12:34 am
    • 2009-06-12 11:56 pm
  2. 2009-06-10 12:38 am