Date: Mon, 29 Jul 2002 19:12:36 +0200
From: Szilveszter Adam
To: freebsd-current
Subject: Re: firewall support?
Message-ID: <20020729171236.GB1151@fonix.adamsfamily.xx>

On Mon, Jul 29, 2002 at 02:44:50PM +0200, Sheldon Hearn wrote:
> On (2002/07/28 09:49), Szilveszter Adam wrote:
>
> > > is firewall support built into the -current kernel or does it need to be
> > > compiled in?
> >
> > It is not in GENERIC, but you can always either compile it in, or load
> > it from a module by editing /boot/loader.conf.
>
> Beware!
>
> AFAIK, the kernel-loadable version of IPFW (ipfw.ko) defaults to deny!

Correct. But we also have ipfilter, which is also loadable... but I did
not want to be specific. If there are other questions, I will.

> Enable with care on remotely managed systems for which you do not have
> serial console access.

It's not for nothing that the first rule of firewall configuration is:
"Show up!" (at the console). Many a surprise can be averted this way...:-)

-- 
Regards:

Szilveszter ADAM
Szombathely Hungary
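Added example (not part of the original message and not FreeBSD's own code): a pre-reboot check for the lockout discussed above, where ipfw.ko is loaded from /boot/loader.conf and nothing but the default deny rule ends up in place. It assumes the stock rc.conf variables firewall_enable and firewall_type; the function names, the /etc/ipfw.rules path and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag configurations where loading ipfw.ko would leave
# a remotely managed host with only the default deny rule.

# conf_get VAR FILE: print the last value assigned to VAR in an sh-style
# config file (loader.conf and rc.conf both use VAR="value" lines).
conf_get() {
    sed -n "s/^[[:space:]]*$1=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# is_yes VALUE: true for YES in any letter case.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# ipfw_preflight LOADER_CONF RC_CONF: print one verdict word.
ipfw_preflight() {
    if ! is_yes "$(conf_get ipfw_load "$1")"; then
        echo "module-not-loaded"; return 0
    fi
    # Module loads at boot; without firewall_enable no ruleset is installed.
    if ! is_yes "$(conf_get firewall_enable "$2")"; then
        echo "lockout-risk"; return 0
    fi
    # An unset/UNKNOWN or "closed" type still leaves traffic denied.
    case "$(conf_get firewall_type "$2")" in
        ""|[Uu][Nn][Kk][Nn][Oo][Ww][Nn]|[Cc][Ll][Oo][Ss][Ee][Dd])
            echo "lockout-risk" ;;
        *)  echo "ruleset-configured" ;;
    esac
}

# Constructed sample files: module load alone vs. module plus a ruleset.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ipfw_load="YES"\n' > "$d/loader.conf"
    printf 'sshd_enable="YES"\n' > "$d/rc.weak"
    printf 'firewall_enable="YES"\nfirewall_type="/etc/ipfw.rules"\n' > "$d/rc.fixed"
    echo "weak:  $(ipfw_preflight "$d/loader.conf" "$d/rc.weak")"
    echo "fixed: $(ipfw_preflight "$d/loader.conf" "$d/rc.fixed")"
    rm -rf "$d"
}
demo
```

A "ruleset-configured" verdict only means some ruleset will be loaded; whether it admits your management traffic still has to be checked against the rules themselves.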