[RFC] Enabling IPFIREWALL_FORWARD in run-time
Eitan Adler
lists at eitanadler.com
Sun Oct 21 13:44:41 UTC 2012
On 19 October 2012 07:25, Andrey V. Elsukov <ae at freebsd.org> wrote:
> Hi All,
>
> Many years ago i have already proposed this feature, but at that time
> several people were against, because as they said, it could affect
> performance. Now, when we have high speed network adapters, SMP kernel
> and network stack, several locks acquired in the path of each packet,
> and i have an ability to test this in the lab.
>
> So, i prepared the patch, that removes IPFIREWALL_FORWARD option from
> the kernel and makes this functionality always build-in, but it is
> turned off by default and can be enabled via the sysctl(8) variable
> net.pfil.forward=1.
>
> http://people.freebsd.org/~ae/pfil_forward.diff
Please also modify man/man4/ipfirewall.4
--
Eitan Adler
More information about the freebsd-net
mailing list