Options are basic settings that affect core PF functions. Options answer questions like these:
Do we reassemble fragments into packets?
How many entries should the state table support?
Is logging on?
All options start with the set keyword. Because options affect how all other parts of PF operate, I recommend placing them at the very top of pf.conf.
Here, we’ll look at some of the more commonly used options.
Will your firewall silently drop forbidden packets, or respond to the client with “sorry, not allowed?” The block policy determines which approach it takes. By default, PF drops blocked packets, but you can override the global block policy on individual filter rules.
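The following pf.conf fragment is an added example, not taken from the original text. It shows options placed at the top of the file and a global block policy overridden on a single rule. It assumes OpenBSD syntax; the interface names, state limit and port list are made up for illustration.

```conf
# Constructed example: interface names and values are assumptions.

# Options first, so they apply to everything that follows.
set block-policy drop       # global default: blocked packets are discarded silently
set limit states 100000     # maximum number of state table entries
set reassemble yes          # reassemble fragments before filtering

ext_if = "em0"              # assumed Internet-facing interface
int_if = "em1"              # assumed internal LAN interface

# No action modifier on this rule, so it inherits the global policy:
# outside hosts get no answer at all.
block in on $ext_if all

# Per-rule override of the global policy: internal clients are told
# "not allowed" (TCP RST for TCP, ICMP unreachable for UDP), so their
# connections fail at once instead of hanging until a timeout.
block return in on $int_if all

# The last matching rule wins, so these pass rules carve exceptions
# out of the blocks above.
pass in on $int_if proto tcp from any to any port { 80 443 }
pass out on $ext_if
```

Running pfctl -nf against the file parses the ruleset and reports syntax errors without loading it.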
Strictly speaking, when PF ...