From owner-freebsd-bugs  Sun May 12 13:30:07 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id NAA12512
          for bugs-outgoing; Sun, 12 May 1996 13:30:07 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id NAA12504
          Sun, 12 May 1996 13:30:04 -0700 (PDT)
Date: Sun, 12 May 1996 13:30:04 -0700 (PDT)
Message-Id: <199605122030.NAA12504@freefall.freebsd.org>
To: freebsd-bugs
Cc: 
From: Garrett Wollman <wollman@lcs.mit.edu>
Subject: kern/1192: Kernel IPFW
Reply-To: Garrett Wollman <wollman@lcs.mit.edu>
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR kern/1192; it has been noted by GNATS.

From: Garrett Wollman <wollman@lcs.mit.edu>
To: nash@mcs.com
Cc: FreeBSD-gnats-submit@freebsd.org, phk@freebsd.org
Subject: kern/1192: Kernel IPFW
Date: Sun, 12 May 1996 16:23:32 -0400

 <<On Sun, 12 May 1996 14:40:24 -0500 (CDT), Alex Nash <alex@zen.nash.org> said:
 
 >   Moved the majority of code out of the ipfw_load (module load)
 >   routine and instead issue a call to ipfw_init which does the same
 >   thing (sans the splnet() issued at the beginning of ipfw_load).
 
 Actually, I would very much like to get rid of the
 dynamically-loadable IPFW module entirely.  If you are running any
 sort of a reasonable router configuration (i.e., with multiple cards
 from the same vendor), you will have to reconfigure the kernel anyway,
 and I think there are probably good security reasons for wanting in
 that way.  (What if the LKM fails to load because you are out of disk
 space in /tmp?  Oops.)  Perhaps more significantly, it puts extra hair
 in the IP input and output paths that doesn't need to be there in the
 common case (workstation or non-firewalling router), so I'd like to
 see it removed.
 
 (And yes, I do remember that I'm the one who suggested making it into
 an LKM in the first place!)
 
 -GAWollman
 
 --
 Garrett A. Wollman   | Shashish is simple, it's discreet, it's brief. ... 
 wollman@lcs.mit.edu  | Shashish is the bonding of hearts in spite of distance.
 Opinions not those of| It is a bond more powerful than absence.  We like people
 MIT, LCS, ANA, or NSA| who like Shashish.  - Claude McKenzie + Florent Vollant