Date: Thu, 18 Dec 1997 11:33:31 -0600 (CST)
From: Alex Nash <nash@Mcs.Net>
To: Adam Shostack <adam@homeport.org>
Cc: Firewall Wizards List <firewall-wizards@nfr.net>, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel options for FW?
Message-ID: <Pine.BSF.3.95.971218113056.1783D-100000@Jupiter.Mcs.Net>
In-Reply-To: <199712181615.LAA14478@homeport.org>

On Thu, 18 Dec 1997, Adam Shostack wrote:

> options IPFORWSRCRT=0 //Turn off source routing.

This is the default. It is controllable via sysctl.

> options IPNOPRIVPORTS //Remove concept of priv'd ports so BIND doesn't
> //need to run as root.

I don't know if there's a good way of doing this, but you could hack
IPPORT_RESERVED in in.h (unfortunately this isn't surrounded by an ifndef,
so you can't just throw options IPPORT_RESERVED into your kernel config).

> options IPFILTER_DEFAULT_BLOCK //Put my FW policy in the kernel.

This is the default for FreeBSD's ipfw.

Alex