Date: Tue, 14 Feb 2012 10:23:15 +0100 From: n j <nino80@gmail.com> To: stable@freebsd.org, ipfw@freebsd.org Subject: Re: Reducing the need to compile a custom kernel Message-ID: <CALf6cgbofhtZSOV_vfPy35M3S9WTrP3QXrByWk4kL5%2BPz_C7Qg@mail.gmail.com> In-Reply-To: <20120212173339.G93710@sola.nimnet.asn.au> References: <20120210145604.Horde.ewjpSpjmRSRPNSH0YRHxgAk@webmail.leidinger.net> <4F353E4A.6030903@noc.ntua.gr> <B23C8B04-DBEF-45A3-8AC7-D57F591BC8B1@lists.zabbadoz.net> <20120212173339.G93710@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 12, 2012 at 8:52 AM, Ian Smith <smithi@nimnet.asn.au> wrote: > On Fri, 10 Feb 2012 16:12:00 +0000, Bjoern A. Zeeb wrote: > =A0> > IPFIREWALL_FORWARD > > Unless something's changed, julian@ has pointed out (paraphrasing) that > this adds bits of code to various parts of the stack and was thought to > impact performance too much when unused to conditionalise each instance. > > I'm unsure if this is the only case ipfw still needs building in kernel? If something's changed, I'd really love to hear it. IPFIREWALL_FORWARD is the most common reason I need a custom kernel (usually to solve the issues around asymmetric/source-based policy routing on multihomed hosts). Really miss Linux' "ip rule... table" functionality. Regards, --=20 Nino
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALf6cgbofhtZSOV_vfPy35M3S9WTrP3QXrByWk4kL5%2BPz_C7Qg>