Date: Wed, 20 Jul 2005 18:32:06 -0700
From: Bill Fumerola <billf@FreeBSD.org>
To: Muk Dunkin <mukden@yahoo.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: net.inet.ip.fw.enable=1
Message-ID: <20050721013206.GQ10302@elvis.mu.org>
In-Reply-To: <20050720224147.50313.qmail@web30606.mail.mud.yahoo.com>
References: <20050720224147.50313.qmail@web30606.mail.mud.yahoo.com>

On Wed, Jul 20, 2005 at 03:41:47PM -0700, Muk Dunkin wrote:
> Does anyone know what's the reason why
> net.inet.ip.fw.enable was set to 1 as the default?
> I've tried setting it to 0 and reboot,
> net.inet.ip.fw.enable was reset to 1. Being that, all
> packets will go thru the firewall code even if there
> was no active firewall rules in place.

changes to sysctls are not persistent. of course, you could program
something to record the value on shutdown and restore on boot. that'd
be overkill, look at the firewall_* directives for rc.conf.

regardless, packets will not go very far into the firewall code if no
rules are present. i would seriously doubt you could observe any
performance difference.

--
- bill fumerola / billf@FreeBSD.org