Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 19 Jan 2001 14:24:17 -0800
From:      Kris Kennaway <kris@FreeBSD.ORG>
To:        Igor Vieira Debacker <igor@viamax.com.br>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Firewall
Message-ID:  <20010119142417.C11579@citusc17.usc.edu>
In-Reply-To: <001d01c0824b$be617530$502ca8c0@MMDSC.COM.BR>; from igor@viamax.com.br on Fri, Jan 19, 2001 at 04:12:18PM -0300
References:  <001d01c0824b$be617530$502ca8c0@MMDSC.COM.BR>
next in thread | previous in thread | raw e-mail | index | archive | help 

--qjNfmADvan18RZcF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 19, 2001 at 04:12:18PM -0300, Igor Vieira Debacker wrote:
> Greetings,
>=20
> I'm working on a company where a FREEBSD is installed. I'm not the guy wi=
ch
> installed it, and i'm not a great BSD user too. But today i tryed to inst=
all
> some Firewall Rulez... and when i tryed to do this:
>=20
> su-2.04# ipfw list
>=20
> I got the following answer:
>=20
> ipfw: getsockopt(IP_FW_GET): Protocol not available

You need to have ipfw support in your kernel. You don't mention what
version of FreeBSD you're using, but in recent (4.x) versions you can
load it dynamically by doing a 'kldload ipfw'. Note that the default
behaviour of the ipfw module is to deny all IP traffic - so doing this
step remotely is fairly dangerous. See the ipfw(8) manpage for more.

You can also compile ipfw into your kernel: see the following options
documented in LINT:

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPFIREWALL_VERBOSE_LIMIT=3D100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default

See the handbook for more information about how to compile a kernel.

Kris

--=20
NOTE: To fetch an updated copy of my GPG key which has not expired,
finger kris@FreeBSD.org

--qjNfmADvan18RZcF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6aL6QWry0BWjoQKURArQsAKC8Eoyw45ZTLOp7FvmnDBMBfRqlXgCfeRiq
DBWqSdiDD5IauU0YPOrqmEo=
=WApw
-----END PGP SIGNATURE-----

--qjNfmADvan18RZcF--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119142417.C11579>