Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Should I turn off Kernel PTI & MDS Mitigation on a bare-metal pfSense server ?

    General pfSense Questions
    3
    4
    1.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      Upper Deck
      last edited by

      Hi there,

      I just did some searches on this issue. Don't have any conclusion.

      Any consensus about it?

      U.D.

      G 1 Reply Last reply Reply Quote 0
      • G
        gabacho4 Rebel Alliance @Upper Deck
        last edited by

        @upper-deck netgate turns them off on their hardware. The assessment was that those exploits require physical access to the router and that if a bad actor can touch your router physically, you’ve already lost.

        U F 2 Replies Last reply Reply Quote 1
        • U
          Upper Deck @gabacho4
          last edited by

          @gabacho4

          Just disabled these two options. Got noticeable IPsec VPN performance improvements on a Intel J1900 platform (140Mb/s -> 160Mb/s), and slight performance changes on a Intel E3-1280 v5.

          1 Reply Last reply Reply Quote 0
          • F
            FrankM @gabacho4
            last edited by

            @gabacho4

            Thank you for explaining, I too wondered about those settings.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.