| 41 |
x use packet fiters (firewall): |
x use packet fiters (firewall): |
| 42 |
x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html |
x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html |
| 43 |
x some options at the kernel have to be enabled: |
x some options at the kernel have to be enabled: |
| 44 |
<pre style="font-size:10px"> |
- options IPFIREWALL |
| 45 |
options IPFIREWALL #Compiles into the kernel the code for packet filtering. |
Compiles into the kernel the code for packet filtering. |
| 46 |
options IPFIREWALL_VERBOSE #Enables code to allow logging of packets through syslogd. |
- options IPFIREWALL_VERBOSE |
| 47 |
# Without this option, even if you specify that packets should be logged in the filter rules, |
Enables code to allow logging of packets through syslogd. |
| 48 |
# nothing will happen. |
Without this option, even if you specify that packets should be logged in the filter rules, |
| 49 |
options IPFIREWALL_VERBOSE_LIMIT=10 #Limits the number of packets logged through syslogd on a per entry basis. |
nothing will happen. |
| 50 |
# You may wish to use this option in hostile environments in which you want to log firewall activity, |
- options IPFIREWALL_VERBOSE_LIMIT=10 |
| 51 |
# but do not want to be open to a denial of service attack via syslog flooding. |
Limits the number of packets logged through syslogd on a per entry basis. |
| 52 |
# When a chain entry reaches the packet limit specified, logging is turned off for that particular entry. |
You may wish to use this option in hostile environments in which you want to log firewall activity, |
| 53 |
# To resume logging, you will need to reset the associated counter using the ipfw(8) utility: |
but do not want to be open to a denial of service attack via syslog flooding. |
| 54 |
# ipfw zero 4500 |
When a chain entry reaches the packet limit specified, logging is turned off for that particular entry. |
| 55 |
# Where 4500 is the chain entry you wish to continue logging. |
To resume logging, you will need to reset the associated counter using the ipfw(8) utility: |
| 56 |
options IPFIREWALL_DEFAULT_TO_ACCEPT #This changes the default rule action from ``deny'' to ``allow''. |
:# ipfw zero 4500 |
| 57 |
# This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet. |
Where 4500 is the chain entry you wish to continue logging. |
| 58 |
# It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise. |
- options IPFIREWALL_DEFAULT_TO_ACCEPT |
| 59 |
# Use with care though, as this opens up the firewall and changes the way it works. |
This changes the default rule action from ``deny'' to ``allow''. |
| 60 |
</pre> |
This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet. |
| 61 |
|
It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise. |
| 62 |
|
Use with care though, as this opens up the firewall and changes the way it works. |
| 63 |
x firewall is enabled at /etc/rc.conf (or /etc/rc.conf.local) |
x firewall is enabled at /etc/rc.conf (or /etc/rc.conf.local) |
| 64 |
firewall_enabled = "YES" |
firewall_enabled = "YES" |
| 65 |
firewall_type = "<firewall_type>" |
firewall_type = "<firewall_type>" |
Parent Directory
| 
Revision Log
| 
Patch
