From owner-freebsd-current  Sat Dec 21  9:41:10 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E314237B401
	for <current@freebsd.org>; Sat, 21 Dec 2002 09:41:08 -0800 (PST)
Received: from bluejay.mail.pas.earthlink.net (bluejay.mail.pas.earthlink.net [207.217.120.218])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 68C7043EEA
	for <current@freebsd.org>; Sat, 21 Dec 2002 09:41:08 -0800 (PST)
	(envelope-from tlambert2@mindspring.com)
Received: from [216.20.231.174] (helo=mindspring.com)
	by bluejay.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128)
	(Exim 3.33 #1)
	id 18PncC-0006IL-00; Sat, 21 Dec 2002 09:40:45 -0800
Message-ID: <3E04A746.20C5C72E@mindspring.com>
Date: Sat, 21 Dec 2002 09:39:18 -0800
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Sergey Mokryshev <mokr@mokr.net>
Cc: Vallo Kallaste <kalts@estpak.ee>, Sam Leffler <sam@errno.com>,
	Hiten Pandya <hiten@unixdaemons.com>,
	Darren Reed <darrenr@reed.wattle.id.au>, current@FreeBSD.ORG
Subject: Re: PFIL_HOOKS should be made default in 5.0
References: <20021221040724.G7129-100000@lemori.mokr.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a4cdb10f658046335ebc286c8f175319c7a2d4e88014a4647c350badd9bab72f9c350badd9bab72f9c
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

Sergey Mokryshev wrote:
> > I'm really not a fan of "NO_PFIL_HOOKS" as an option.
> 
> I'm not talking about NO_PFIL_HOOKS but "options PFIL_HOOKS" in GENERIC.
> Too many people may foot shoot themselves trying to upgrade from 4-STABLE
> to 5.0.

If you make them non-optional, which is what started this thread,
then you *are* talking about having to add an option in to get
rid of them.

I understand that people all want their pet software to run out
of the box without modification.


> > Probably the correct thing to do is to wire in ipfilter as a
> > Netgraph module.
> 
> AFAIK Solaris, HP-UX and others lack Netgraph support, but support pfil.

They support Streams, instead.  Same ecological niche.


-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message