Date: Sun, 12 Feb 2012 15:47:57 +0100 From: =?iso-8859-1?q?Gr=E9goire_Leroy?= <gregoire.leroy@retenodus.net> To: freebsd-ipfw@freebsd.org Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, stable@freebsd.org, ipfw@freebsd.org, Ian Smith <smithi@nimnet.asn.au>, Panagiotis Christias <p.christias@noc.ntua.gr> Subject: Re: Reducing the need to compile a custom kernel Message-ID: <201202121547.57404.gregoire.leroy@retenodus.net> In-Reply-To: <20120212173339.G93710@sola.nimnet.asn.au> References: <20120210145604.Horde.ewjpSpjmRSRPNSH0YRHxgAk@webmail.leidinger.net> <B23C8B04-DBEF-45A3-8AC7-D57F591BC8B1@lists.zabbadoz.net> <20120212173339.G93710@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
> > >> The question is, is this enough? Or asked differently, why are you > > >> compiling a custom kernel in a production environment (so I rule out > > >> debug options which are not enabled in GENERIC)? Are there options > > >> which you add which you can not add as a module (SW_WATCHDOG comes > > >> to my mind)? If yes, which ones and how important are they for you? > > >=20 > > > Hello, > > >=20 > > > we are currently using on every server (in order to maintain a single > > > custom kernel) the following options: > > >=20 > > > IPFIREWALL IPFIREWALL_DEFAULT_TO_ACCEPT > >=20 > > loadable, tunable there for this Hi, On my gateway I use these options with FreeBSD 8.2 : options IPFIREWALL=20 options IPFIREWALL_VERBOSE=20 options IPFIREWALL_VERBOSE_LIMIT=3D5=20 options IPFIREWALL_DEFAULT_TO_ACCEPT=20 options IPDIVERT=20 options IPFIREWALL_FORWARD=20 options DUMMYNET=20 options HZ=3D1000=20 Regards, Gr=E9goire Leroy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201202121547.57404.gregoire.leroy>