Reducing the need to compile a custom kernel
Grégoire Leroy
gregoire.leroy at retenodus.net
Sun Feb 12 15:18:27 UTC 2012
> > >> The question is, is this enough? Or asked differently, why are you
> > >> compiling a custom kernel in a production environment (so I rule out
> > >> debug options which are not enabled in GENERIC)? Are there options
> > >> which you add which you can not add as a module (SW_WATCHDOG comes
> > >> to my mind)? If yes, which ones and how important are they for you?
> > >
> > > Hello,
> > >
> > > we are currently using on every server (in order to maintain a single
> > > custom kernel) the following options:
> > >
> > > IPFIREWALL IPFIREWALL_DEFAULT_TO_ACCEPT
> >
> > loadable, tunable there for this
Hi,
On my gateway I use these options with FreeBSD 8.2 :
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=5
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPFIREWALL_FORWARD
options DUMMYNET
options HZ=1000
Regards,
Grégoire Leroy
More information about the freebsd-stable
mailing list