IPF and kernel options
Dick Hoogendijk
dick at nagual.st
Wed Apr 30 06:53:13 PDT 2003
Excuse me if this sounds like newbie first class..
I run a couple of fbsd workstations, but now I want to migrate one to be
the server of my homenetwork.
No big deal, but I need a firewall up-and-running. I've chosen for ipf,
read a lot about it and set up my rules, but: looking at the kernel
config I understand that the GENERIC has no firewall support.
LINT shows me quite some "options" but I'm not quite sure which I need
and which not. As said I don't plan using ipfw, so I guess I could leave
out all references to "ipfirewall"? But what about mrouting, ipstealth,
tcpdebug, icmp_bandlim, dummynet, bridge, etc..
=-=-=-from LINT-=-=-=
options MROUTING
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPV6FIREWALL
options IPV6FIREWALL_VERBOSE
options IPV6FIREWALL_VERBOSE_LIMIT=100
options IPV6FIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_DEFAULT_BLOCK #block all packets by default
options IPSTEALTH #support for stealth forwarding
options TCPDEBUG
options RANDOM_IP_ID
# Statically link in accept filters
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options ICMP_BANDLIM
options DUMMYNET
options BRIDGE
=-=-=-=-end-=-=-=
A reference to a manual I overlooked it welcome too. I'm not lazy. I
just can't find the information needed. Maybe ipfw is the FreeBSD way of
firewalling?
--
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.8 ++ Debian GNU/Linux (Woody)
More information about the freebsd-questions
mailing list