# pf differences start



## minke (Dec 6, 2010)

What is the difference if I enable pf from rc.conf or compile it into the kernel? Can I get the same security in both cases?


----------



## DutchDaemon (Dec 6, 2010)

If you enable it in /etc/rc.conf, pf will be loaded as a kernel loadable module (like doing *kldload pf*). This isn't necessary when it's compiled into the kernel. The only possible advantage I see is that an attacker who manages to escalate to root privileges could manually unload the module. This is, of course, a moot point if you think about it for a second.


----------



## SirDice (Dec 7, 2010)

The only difference would be ALTQ. That's disabled when using modules.


----------



## kpa (Dec 7, 2010)

It's disabled in GENERIC but you can compile your own kernel with pf as modules and with ALTQ support.


----------
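To audit which of the two setups discussed in this thread a host is actually running, the following added example (not code from any poster in the thread) classifies a module from `kldstat -v` output as linked into the kernel or loaded from a `.ko` file. The function name `pf_origin`, the two sample helpers and their kldstat listings are constructed for illustration, and the parser assumes the kernel image is listed under the name `kernel`.

```shell
#!/bin/sh
# Classify how a module reached the running FreeBSD kernel, reading `kldstat -v`
# text on stdin. Prints "builtin" (linked into the kernel file),
# "module <file>" (a loaded .ko that can be kldunload'ed), or "absent".
pf_origin() {
    awk -v want="${1:-pf}" '
        # File line: Id Refs Address Size Name
        NF == 5 && $3 ~ /^0x/ { file = $5; next }
        # Module line under "Contains modules:": Id Name
        NF == 2 && $1 ~ /^[0-9]+$/ && $2 == want && !found {
            found = (file == "kernel") ? "builtin" : "module " file
        }
        END { print (found ? found : "absent") }
    '
}

# Constructed sample: pf loaded as a module (the rc.conf / kldload pf case).
sample_module() {
cat <<'EOF'
Id Refs Address            Size     Name
 1    3 0xffffffff80100000 d1e6a8   kernel
    Contains modules:
        Id Name
         1 if_lo
         2 ether
 2    1 0xffffffff80e1f000 2b1c8    pf.ko
    Contains modules:
        Id Name
         3 pf
EOF
}

# Constructed sample: pf compiled into the kernel.
sample_builtin() {
cat <<'EOF'
Id Refs Address            Size     Name
 1    1 0xffffffff80100000 d4a2c0   kernel
    Contains modules:
        Id Name
         1 if_lo
         2 pf
EOF
}

# On a live host: kldstat -v | pf_origin pf
sample_module  | pf_origin pf    # prints: module pf.ko
sample_builtin | pf_origin pf    # prints: builtin
```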

