Date: Sun, 12 May 1996 13:30:04 -0700 (PDT) From: Garrett Wollman <wollman@lcs.mit.edu> To: freebsd-bugs Subject: kern/1192: Kernel IPFW Message-ID: <199605122030.NAA12504@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/1192; it has been noted by GNATS. From: Garrett Wollman <wollman@lcs.mit.edu> To: nash@mcs.com Cc: FreeBSD-gnats-submit@freebsd.org, phk@freebsd.org Subject: kern/1192: Kernel IPFW Date: Sun, 12 May 1996 16:23:32 -0400 <<On Sun, 12 May 1996 14:40:24 -0500 (CDT), Alex Nash <alex@zen.nash.org> said: > Moved the majority of code out of the ipfw_load (module load) > routine and instead issue a call to ipfw_init which does the same > thing (sans the splnet() issued at the beginning of ipfw_load). Actually, I would very much like to get rid of the dynamically-loadable IPFW module entirely. If you are running any sort of a reasonable router configuration (i.e., with multiple cards from the same vendor), you will have to reconfigure the kernel anyway, and I think there are probably good security reasons for wanting in that way. (What if the LKM fails to load because you are out of disk space in /tmp? Oops.) Perhaps more significantly, it puts extra hair in the IP input and output paths that doesn't need to be there in the common case (workstation or non-firewalling router), so I'd like to see it removed. (And yes, I do remember that I'm the one who suggested making it into an LKM in the first place!) -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605122030.NAA12504>