From: Dick Hoogendijk
Date: Wed, 30 Apr 2003 15:53:04 +0200
To: freebsd-questions
Message-ID: <20030430135304.GA61089@pooh.nagual.st>
Subject: IPF and kernel options

Excuse me if this sounds like newbie first class..

I run a couple of fbsd workstations, but now I want to migrate one to be the server of my home network. No big deal, but I need a firewall up-and-running. I've chosen ipf, read a lot about it and set up my rules, but: looking at the kernel config I understand that the GENERIC has no firewall support. LINT shows me quite some "options" but I'm not quite sure which I need and which not. As said I don't plan on using ipfw, so I guess I could leave out all references to "ipfirewall"?
But what about mrouting, ipstealth, tcpdebug, icmp_bandlim, dummynet, bridge, etc..

=-=-=-from LINT-=-=-=
options MROUTING
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE_LIMIT=100
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPV6FIREWALL
options IPV6FIREWALL_VERBOSE
options IPV6FIREWALL_VERBOSE_LIMIT=100
options IPV6FIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options IPFILTER                #ipfilter support
options IPFILTER_LOG            #ipfilter logging
options IPFILTER_DEFAULT_BLOCK  #block all packets by default
options IPSTEALTH               #support for stealth forwarding
options TCPDEBUG
options RANDOM_IP_ID
# Statically link in accept filters
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options ICMP_BANDLIM
options DUMMYNET
options BRIDGE
=-=-=-=-end-=-=-=

A reference to a manual I overlooked is welcome too. I'm not lazy. I just can't find the information needed. Maybe ipfw is the FreeBSD way of firewalling?

--
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.8 ++ Debian GNU/Linux (Woody)