Date: Sun, 21 Oct 2012 09:44:10 -0400 From: Eitan Adler <lists@eitanadler.com> To: "Andrey V. Elsukov" <ae@freebsd.org> Cc: ipfw@freebsd.org, net@freebsd.org Subject: Re: [RFC] Enabling IPFIREWALL_FORWARD in run-time Message-ID: <CAF6rxg=V66A%2BnSD4BVShC-9AUdkN5nWkw7cqKY2keq4MCU0i_Q@mail.gmail.com> In-Reply-To: <508138A4.5030901@FreeBSD.org> References: <508138A4.5030901@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 October 2012 07:25, Andrey V. Elsukov <ae@freebsd.org> wrote: > Hi All, > > Many years ago i have already proposed this feature, but at that time > several people were against, because as they said, it could affect > performance. Now, when we have high speed network adapters, SMP kernel > and network stack, several locks acquired in the path of each packet, > and i have an ability to test this in the lab. > > So, i prepared the patch, that removes IPFIREWALL_FORWARD option from > the kernel and makes this functionality always build-in, but it is > turned off by default and can be enabled via the sysctl(8) variable > net.pfil.forward=1. > > http://people.freebsd.org/~ae/pfil_forward.diff Please also modify man/man4/ipfirewall.4 -- Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxg=V66A%2BnSD4BVShC-9AUdkN5nWkw7cqKY2keq4MCU0i_Q>