Subject: Re: ipfilter loading.
To: Greg Hudson <ghudson@mit.edu>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-kern
Date: 04/28/1997 22:32:07
>I'm going to put my voice in in favor of Jason here, because I think
>these issues should be treated consistently by the kernel
>configuration system.  I really have no stake in how IP filtering
>works.

>"I want support for foo in my kernel" and "I want foo turned on" are
>two different statements and, by and large, they are treated as
>separate statements by the NetBSD kernel.  Why should we violate this
>paradigm in the case of IP filtering and nothing else?


Because IP filtering is a security issue, and the tradeoffs for
security are different.  They just *are*.  And that makes security a
special case.

I could build a firewall system that has NFS turned on in the kernel
and just not start nfsd's.  That's _not_ recommended practice.
Instead, you build a kernel without NFS, so that there's _no way_ you
can accidentally leave a loophole through which someone can attack
you.

The same argument applies with ipfilter and having to run ipf -E.
From a security viewpoint, not having to run ipf -E *is better*.
I dunno, look at options INSECURE on the i386.  Should that be the
default?  Should you have to do anything other than (un)configure the
kernel config option to get the relevant behaviour?


Pfft.  Maybe I've spent too long being a security weenie.
Personally, I don't see why we should support ipfilter as an LKM,
because I don't think kernels for firewall machines should _have_ LKM
support.
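The build-it-out-rather-than-leave-it-unused position above can be turned into a mechanical check on a kernel config. The script below is an added example, not code from this message or from NetBSD: it flags the config(8) directives the message argues a firewall kernel should not carry at all (NFS client/server, LKM support, and the i386 INSECURE option) and runs that check over two constructed sample configs, one GENERIC-like and one trimmed the way the message recommends. The exact lines in a real GENERIC vary by release; the samples here are illustrative only.

```shell
#!/bin/sh
# Added example (not from the original message or from NetBSD).
# Audit a NetBSD-style kernel config for facilities the message argues a
# firewall kernel should not contain, as opposed to merely not enabling them
# at runtime.  Directive keywords are NetBSD config(8) 'options' and
# 'file-system'; everything else below is constructed for illustration.

# Directives flagged on a firewall kernel.  Anchoring on optional leading
# whitespace followed by the keyword means commented-out lines ('#options ...')
# are not matched, so a deliberately omitted option does not count.
FLAGGED_RE='^[[:space:]]*(options[[:space:]]+(INSECURE|LKM|NFSSERVER|NFSCLIENT)|file-system[[:space:]]+NFS)([[:space:]]|$)'

# Print every offending directive in the config file given as $1.
firewall_config_violations() {
    grep -E "$FLAGGED_RE" "$1" || true
}

# Echo the number of offending directives in $1 ("0" when the config is clean).
count_violations() {
    firewall_config_violations "$1" | wc -l | tr -d ' '
}

# Constructed sample: a GENERIC-like config that keeps NFS, LKM and INSECURE
# in the kernel and relies on "just don't start nfsd / modload" at runtime.
LAX_CFG=$(mktemp)
cat > "$LAX_CFG" <<'EOF'
machine		i386
options 	INSECURE	# disable kernel security-level checks
options 	LKM		# loadable kernel modules
options 	NFSSERVER	# NFS server
file-system	NFS		# NFS client
file-system	FFS
options 	GATEWAY		# forward packets between interfaces
pseudo-device	ipfilter	# IP filter support
EOF

# Constructed sample: the same machine built the way the message recommends,
# with those facilities absent from the kernel rather than left unused.
STRICT_CFG=$(mktemp)
cat > "$STRICT_CFG" <<'EOF'
machine		i386
#options 	INSECURE	# deliberately omitted on a firewall
#options 	LKM		# no loadable modules on a firewall
file-system	FFS
options 	GATEWAY
pseudo-device	ipfilter
EOF
trap 'rm -f "$LAX_CFG" "$STRICT_CFG"' EXIT

echo "lax config, flagged directives:"
firewall_config_violations "$LAX_CFG"
echo "strict config, flagged directives ($(count_violations "$STRICT_CFG")):"
firewall_config_violations "$STRICT_CFG"
```

Run it against your own config instead of the samples by calling firewall_config_violations on the file; a non-empty result is the list of things that can still be turned on by a root-level mistake even though nothing starts them at boot.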