GENERIC and firewall modules

[Hiten Pandya]

Erik P. Skaalerud wrote:
As with the current GENERIC, PFIL_HOOKS are not enabled by default.

Any reasons for this? I dont know abotu the ipfw module, but the 
ipfilter module (ipl) can not load without PFIL in kernel.

Perhaps it could be made default in GENERIC?

Erik
	Last time I checked, PFIL_HOOKS degrades the performance of
	input/output path.  People who do not use a firewall solution
	the additional processing is pointless.
	FreeBSD guys only added it due to mass requests of firewall
	module brokenness.  In my opinion, it would be better to just
	compile-in your firewall with a modified configuration; but
	as I said, that is my opinion.
		-Hiten
		hmp at xxxxxxxxxxxxx