Runtime control for the IPFIREWALL_FORWARD
Andrey V. Elsukov
bu7cher at yandex.ru
Sat Dec 16 01:41:04 PST 2006
>Andrey V. Elsukov wrote:
>This introduces quite a bit of extra code into the path of IP packets.
Yes, it will add a few extra checks like a "if (pfil_forward_enabled) {...}"
>Some people are very sensitive about anything that slows down that path.
I can introduce a new kernel option - NO_PFIL_FORWARD, which will remove an
extra code from the CUSTOM kernel.
But the GENERIC kernel will be more universal with a new feature.
--
WBR, Andrey V. Elsukov
More information about the freebsd-net
mailing list