From owner-freebsd-current  Thu Jun 13 10:09:01 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id KAA05423
          for current-outgoing; Thu, 13 Jun 1996 10:09:01 -0700 (PDT)
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA05399
          for <freebsd-current@FreeBSD.ORG>; Thu, 13 Jun 1996 10:08:48 -0700 (PDT)
Received: from palmer.demon.co.uk (localhost [127.0.0.1])
	  by palmer.demon.co.uk (sendmail/PALMER-1) with ESMTP id OAA21413;
	  Thu, 13 Jun 1996 14:52:24 +0100 (BST)
To: Ollivier Robert <roberto@keltia.freenix.fr>
cc: freebsd-current@FreeBSD.ORG (FreeBSD Current Users' list)
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Subject: Re: #include opt_ipfw.h problem for lkm 
In-reply-to: Your message of "Thu, 13 Jun 1996 11:50:49 +0200."
             <199606130950.LAA15818@keltia.freenix.fr> 
Date: Thu, 13 Jun 1996 14:52:23 +0100
Message-ID: <21410.834673943@palmer.demon.co.uk>
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Ollivier Robert wrote in message ID
<199606130950.LAA15818@keltia.freenix.fr>:
> sys/netinet/ip_fw.c includes  "opt_ipfw.h" when compiling the kernel (which
> is fine) but includes it also when compiling as lkm (which is bad). 

Phoey. You're right.

On this subject, does anyone object to my REMOVAL of the option to
have IPFW as an LKM? Having it as an LKM is (IMHO) stupid ... all a
person breaking in needs to do to throw security WIDE open is
modunload the module, and then the machine will fall back to being a
simple router. Not my idea of a secure option.

Will anyone seriously miss it if I remove the lkm?

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info