> Another point - you can upgrade ipfilter stuff without rebooting,
> it is useful in situations where minimum downtime is possible.
> PFIL_HOOKS does not add much functionality to the kernel and
> I always turn this on on every box.

I think you are missing his point though.  Some people kldload ipl.ko 
because they don't want to recompile their kernel.  If they recompile
it with PFIL_HOOKS, might as well do ipfilter at the same time.
