[nycbug-talk] Restarting ipfw remotely
Trish Lynch
trish
Thu Dec 22 08:51:35 EST 2005
On Wed, 21 Dec 2005, Francisco Reyes wrote:
> Trish Lynch writes:
>
>> What I've taken to doing is having ipfw default to accept in the kernel,
>> then having as my last line the deny all rule (65534), so it would be next
>> to impossible to lock myself out if I reload or flush it.
>
> I like that idea.
>
> While on the IPFW subject.. since when it became possile to run IPFW without
> modifying the kernel? A new co-worker just showed me a few days ago how one
> can just enable it in /rc.conf and just do "ipfw start".. is that a loadable
> module?
>
> Is performance still better from the kernel?
Yes, its a loadable module, it has been since 3.x as far as I know.... it
just wasn;t loadable in rc.conf until 4.x....
As with any loadable module, I would expect some sort of small performance
hit, probably not one to be able to notice though.
-Trish
--
Trish Lynch trish at bsdunix.net
Ecartis Core Team trish at listmistress.org
Key fingerprint = 781D 2B47 AA4B FC88 B919 0CD6 26B2 1D62 6FC1 FF16
More information about the talk
mailing list