From owner-freebsd-questions Sun Jan 7 15:34: 4 2001 Delivered-To: freebsd-questions@freebsd.org Received: from grumpy.dyndns.org (user-24-214-56-41.knology.net [24.214.56.41]) by hub.freebsd.org (Postfix) with ESMTP id 4587337B400 for ; Sun, 7 Jan 2001 15:33:47 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by grumpy.dyndns.org (8.11.1/8.11.1) with ESMTP id f07NXPZ74146; Sun, 7 Jan 2001 17:33:25 -0600 (CST) (envelope-from dkelly@grumpy.dyndns.org) Message-Id: <200101072333.f07NXPZ74146@grumpy.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Doug Young Cc: freebsd-questions@FreeBSD.ORG From: David Kelly Subject: Re: IPFW / 4.2 RELEASE In-reply-to: Message from Doug Young of "Mon, 08 Jan 2001 07:36:11 +1000." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 07 Jan 2001 17:33:25 -0600 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Doug Young writes: > Is ipfw enabled by default in 4.2 RELEASE or is a kernel compile required > in order to use it ?? Its available as a loadable kernel module. Have never used it that way myself but /etc/rc.firewall knows how to detect ipfw in the kernel and load the module if needed. The advantage of compiling ipfw statically into the kernel is that on boot you can have the interfaces default to "deny all" and not have a moment (or more) of exposure on boot. The advantage of building your own kernel is that its likely it will be 500k to 1M smaller than GENERIC. Probably not significant on a 128MB machine. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message