Date: Thu, 23 Feb 2006 19:16:20 +0000 (UTC)
From: Daniel Gerzo <danger@rulez.sk>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: docs/93764: [patch] addition to firewalls section - ipfw
Message-ID: <20060223191620.9620D483F6A@tomas.elvandar.org>
Resent-Message-ID: <200602231920.k1NJK4tk030494@freefall.freebsd.org>
>Number: 93764
>Category: docs
>Synopsis: [patch] addition to firewalls section - ipfw
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 23 19:20:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Daniel Gerzo
>Release: FreeBSD 6.1-PRERELEASE i386
>Organization: rulez.sk
>Environment:
System: FreeBSD 6.1-PRERELEASE #0: Wed Feb 15 02:22:30 CET 2006 root@redqueen.elvandar.org:/usr/obj/usr/src/sys/REDQUEEN i386
>Description:
>How-To-Repeat:
>Fix:
--- ipfw.diff begins here ---
--- /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.orig Wed Feb 15 18:10:07 2006 +++ /usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml Wed Feb 22 10:00:23 2006 
@@ -2283,7 +2283,50 @@ <para>Set the script to run to activate your rules:</para> - <programlisting>firewall_script="/etc/ipfw.rules"</programlisting> + <programlisting>firewall_script="/etc/rc.firewall"</programlisting> + + <para>Set the type of firewall. This enables a simple pre-set + ruleset for <application>IPFW</application>:</para> + + <programlisting>firewall_type="open"</programlisting> + + <para>Available values for this setting are:</para> + + <itemizedlist> + <listitem> + <para><literal>open</literal> — allow anyone in.</para> + </listitem> + <listitem> + <para><literal>client</literal> — will protect only this + machine.</para> + </listitem> + <listitem> + <para><literal>simple</literal> — protect the whole + network.</para> + </listitem> + <listitem> + <para><literal>closed</literal> — entirely disables IP + services except via lo0 interface.</para> + </listitem> + <listitem> + <para><literal>UNKNOWN</literal> — disables the loading + of firewall rules.</para> + </listitem> + <listitem> + <para><replaceable>filename</replaceable> — will load the rules + in the given filename (full path required).</para> + </listitem> + </itemizedlist> + + <note> + <para>If <literal>firewall_type</literal> is set either to + <literal>client</literal> or <literal>simple</literal>, the + default rules found in <filename>/etc/rc.firewall</filename> + should be reviewed to fit to the setup of the given machine. + Also note, that the examples used in this chapter expect that + the <literal>firewall_type</literal> is set to + <filename>/etc/ipfw.rules</filename>.</para> + </note> <para>Enable logging:</para> --- ipfw.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
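Review bot: The sample value in the new programlisting, firewall_type="open", conflicts with the closing note, which says the chapter's examples expect firewall_type to be /etc/ipfw.rules. A reader who copies the sample ends up with the preset the list itself describes as "allow anyone in" instead of the ruleset the rest of the chapter builds. Suggest showing firewall_type="/etc/ipfw.rules" in the programlisting, or moving the note directly under the sample so the mismatch is seen before the value is copied. The same hunk changes firewall_script from /etc/ipfw.rules to /etc/rc.firewall without a sentence on how firewall_script and firewall_type relate; one line of explanation there would make the switch understandable. The "open" and "UNKNOWN" items would also benefit from stating plainly what traffic the machine accepts in each case, since both names read as harmless. Wording nits in the note: drop the comma in "Also note, that" and change "reviewed to fit to the setup" to "reviewed to fit the setup".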