From: Bill Fumerola
To: Muk Dunkin
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 20 Jul 2005 18:32:06 -0700
Subject: Re: net.inet.ip.fw.enable=1

On Wed, Jul 20, 2005 at 03:41:47PM -0700, Muk Dunkin wrote:

> Does anyone know what's the reason why
> net.inet.ip.fw.enable was set to 1 as the default?
> I've tried setting it to 0 and reboot,
> net.inet.ip.fw.enable was reset to 1. Being that, all
> packets will go thru the firewall code even if there
> was no active firewall rules in place.

changes to sysctls are not persistent. of course, you could program something
to record the value on shutdown and restore on boot. that'd be overkill, look
at the firewall_* directives for rc.conf.

regardless, packets will not go very far into the firewall code if no rules
are present. i would seriously doubt you could observe any performance
difference.

--
- bill fumerola / billf@FreeBSD.org