pf differences start

What is the difference between enabling pf from rc.conf and compiling it into the kernel? Can I get the same security in both cases?
 
If you enable it in /etc/rc.conf, pf will be loaded as a kernel loadable module (like doing kldload pf). This isn't necessary when it's compiled into the kernel. The only possible advantage I see is that an attacker who manages to escalate to root privileges could manually unload the module. This is, of course, a moot point if you think about it for a second.
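An added example (not from this thread): a small sh/awk check that tells you which of the two situations above a FreeBSD host is in, by parsing `kldstat -v` output. A pf loaded via rc.conf/kldload shows up as its own file `pf.ko`; pf compiled into the kernel appears only as a sub-module of the `kernel` file. The sample outputs below are constructed; addresses and sizes are made up.

```shell
#!/bin/sh
# pf_mode: read `kldstat -v` output on stdin and print one of
#   module  - pf.ko loaded as a separate kld file (rc.conf / kldload path)
#   builtin - pf present only inside the kernel file (compiled in)
#   absent  - no pf at all
# The sub-module lists only appear with -v; plain kldstat is still
# enough to detect the pf.ko case.
pf_mode() {
    awk '
        # File lines: "<Id> <Refs> 0x<Address> <Size> <Name> ..."
        $1 ~ /^[0-9]+$/ && $3 ~ /^0x/ {
            file = $5
            if (file == "pf.ko") mod = 1
            next
        }
        # Sub-module lines (with -v): "<Id> <modname>" indented under a file
        $1 ~ /^[0-9]+$/ && NF == 2 && $2 == "pf" {
            if (file == "kernel") builtin = 1
        }
        END {
            if (mod) print "module"
            else if (builtin) print "builtin"
            else print "absent"
        }'
}

# Constructed sample output: pf loaded as a module.
SAMPLE_MODULE=$(cat <<'EOF'
Id Refs Address            Size     Name
 1   40 0xffffffff80200000 1f5ce58  kernel (/boot/kernel/kernel)
        Contains modules:
                Id Name
                 1 cam
                 2 pci
 2    1 0xffffffff82330000 35f0c    pf.ko (/boot/kernel/pf.ko)
        Contains modules:
                Id Name
                 3 pf
EOF
)
# Constructed sample output: pf compiled into the kernel.
SAMPLE_BUILTIN=$(cat <<'EOF'
Id Refs Address            Size     Name
 1   40 0xffffffff80200000 1f9ce58  kernel (/boot/kernel/kernel)
        Contains modules:
                Id Name
                 1 cam
                 2 pf
EOF
)

printf '%s\n' "$SAMPLE_MODULE"  | pf_mode   # module
printf '%s\n' "$SAMPLE_BUILTIN" | pf_mode   # builtin
# On a real FreeBSD host, classify the running kernel.
if command -v kldstat >/dev/null 2>&1; then kldstat -v | pf_mode; fi
```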
 
The only difference would be ALTQ. That's disabled when using modules.
 
It's disabled in GENERIC, but you can compile your own kernel with pf as a module and with ALTQ support.
 