GENERIC and firewall modules
Erik P. Skaalerud
erik at pentadon.com
Tue May 25 18:51:42 PDT 2004
As with the current GENERIC, PFIL_HOOKS are not enabled by default.
Any reasons for this? I don't know about the ipfw module, but the
ipfilter module (ipl) cannot load without PFIL in the kernel.
Perhaps it could be made default in GENERIC?
Last time I checked, PFIL_HOOKS degrades the performance of the
input/output path. For people who do not use a firewall solution,
the additional processing is pointless.
FreeBSD guys only added it due to mass requests of firewall
module brokenness. In my opinion, it would be better to just
compile-in your firewall with a modified configuration; but
as I said, that is my opinion.
Yes, I do compile in firewall in kernel. But some people maybe don't. Or
just need to load a firewall module in a quick hurry.
I really don't see the point of building firewall modules when the kernel
after all has to be rebuilt to make the modules work.
Could someone check if PFIL_HOOKS decreases system performance when not
having any firewall activated?
Erik