Date:      Sat, 11 Mar 2000 04:52:17 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Ben H <bens_lists@mailandnews.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Using IPFILTER
Message-ID:  <20000311045217.A90301@hades.hell.gr>
In-Reply-To: <20000307230057.A1357@lust.poo.pants>; from bens_lists@mailandnews.com on Tue, Mar 07, 2000 at 11:00:57PM +0000
References:  <20000307230057.A1357@lust.poo.pants>

[ moved to -questions, where it fits better than -security ]

On Tue, Mar 07, 2000 at 11:00:57PM +0000, Ben H wrote:

> I (like I'm sure many) would like to use IPFILTER (ipf, ipnat) instead
> of/as well as IPFIREWALL (ipf, natd), and I can't get it working.
> 
> My KERNEL (well, some of it) looks like:
> 
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #print information about stuff
> options         IPFIREWALL_FORWARD      #enable transparent proxy support
> options         IPDIVERT                #divert sockets

You can safely remove _all_ these options, if you're not going to use
ipfw.  But see below...

> options         IPFILTER                #kernel ipfilter support
> options         IPFILTER_LOG            #ipfilter logging
> options         IPSTEALTH               #support for stealth forwarding

These are exactly the options I use for my ipf/ipnat kernel.

> options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
> options         TCP_RESTRICT_RST        #restrict emission of TCP RST
> options         "ICMP_BANDLIM"                  #Limit icmp bandwidth

I dunno about these.  I've used them with IPFILTER, and they seem to
work for me, without enabling IPFIREWALL too.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
PGP fingerprint, phone and address in the headers of this message.
