From owner-freebsd-questions Fri Jan 19 14:21:50 2001 Delivered-To: freebsd-questions@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id E446537B401 for ; Fri, 19 Jan 2001 14:21:26 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id f0JMOHB11798; Fri, 19 Jan 2001 14:24:17 -0800 (PST) (envelope-from kris) Date: Fri, 19 Jan 2001 14:24:17 -0800 From: Kris Kennaway To: Igor Vieira Debacker Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Firewall Message-ID: <20010119142417.C11579@citusc17.usc.edu> References: <001d01c0824b$be617530$502ca8c0@MMDSC.COM.BR> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="qjNfmADvan18RZcF" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <001d01c0824b$be617530$502ca8c0@MMDSC.COM.BR>; from igor@viamax.com.br on Fri, Jan 19, 2001 at 04:12:18PM -0300 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --qjNfmADvan18RZcF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 19, 2001 at 04:12:18PM -0300, Igor Vieira Debacker wrote: > Greetings, >=20 > I'm working on a company where a FREEBSD is installed. I'm not the guy wi= ch > installed it, and i'm not a great BSD user too. But today i tryed to inst= all > some Firewall Rulez... and when i tryed to do this: >=20 > su-2.04# ipfw list >=20 > I got the following answer: >=20 > ipfw: getsockopt(IP_FW_GET): Protocol not available You need to have ipfw support in your kernel. You don't mention what version of FreeBSD you're using, but in recent (4.x) versions you can load it dynamically by doing a 'kldload ipfw'. Note that the default behaviour of the ipfw module is to deny all IP traffic - so doing this step remotely is fairly dangerous. See the ipfw(8) manpage for more. You can also compile ipfw into your kernel: see the following options documented in LINT: options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_VERBOSE_LIMIT=3D100 #limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default See the handbook for more information about how to compile a kernel. Kris --=20 NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org --qjNfmADvan18RZcF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6aL6QWry0BWjoQKURArQsAKC8Eoyw45ZTLOp7FvmnDBMBfRqlXgCfeRiq DBWqSdiDD5IauU0YPOrqmEo= =WApw -----END PGP SIGNATURE----- --qjNfmADvan18RZcF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message