Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Aug 2004 18:48:54 +0100
From:      Ceri Davies <ceri@submonkey.net>
To:        doc@FreeBSD.org
Subject:   IPFW && PFIL_HOOKS
Message-ID:  <20040819174854.GB5433@submonkey.net>
next in thread | raw e-mail | index | archive | help 

--GdlkuMH+DRYbUHkj
Content-Type: multipart/mixed; boundary="1AtvaQRkIQxkm1Oe"
Content-Disposition: inline


--1AtvaQRkIQxkm1Oe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


Attached is a diff to the handbook that updates the details of how to
get IPFW working, and which I don't really like much.  Help me batter it
into shape please.

Cheers,

Ceri
--=20
It is not tinfoil, it is my new skin.  I am a robot.

--1AtvaQRkIQxkm1Oe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ipfw.diff"
Content-Transfer-Encoding: quoted-printable

Index: security/chapter.sgml
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /home/dcvs/doc/en_US.ISO8859-1/books/handbook/security/chapter.sg=
ml,v
retrieving revision 1.212
diff -u -r1.212 chapter.sgml
--- security/chapter.sgml	18 Aug 2004 09:18:54 -0000	1.212
+++ security/chapter.sgml	19 Aug 2004 17:48:19 -0000
@@ -2890,7 +2890,7 @@
 	  any</literal> and avoid the possibility of a lockout.</para>
       </warning>
=20
-      <para>There are currently four kernel configuration options relevant=
 to
+      <para>There are currently five kernel configuration options relevant=
 to
 	IPFW:</para>
 	 =20
       <variablelist>
@@ -2947,6 +2947,17 @@
 	      &man.ipfw.8; as a filter for specific problems as they arise.
 	      Use with care though, as this opens up the firewall and changes
 	      the way it works.</para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term><literal>options PFIL_HOOKS</literal></term>
+
+	  <listitem>
+	    <para>Versions of &os; from 5.3-RELEASE and upwards require
+	      this option to add callout hooks for packet filters; on
+	      these versions of &os;, IPFW will not work without this
+	      option.</para>
 	  </listitem>
 	</varlistentry>
       </variablelist>

--1AtvaQRkIQxkm1Oe--

--GdlkuMH+DRYbUHkj
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBJOgGocfcwTS3JF8RAkEcAJ0W2+Ct9iiQx6uSP0p4ePZUtKAjCQCeJE3N
lBn+3TXhI7xndPe/Jd2MlYE=
=j7Bj
-----END PGP SIGNATURE-----

--GdlkuMH+DRYbUHkj--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040819174854.GB5433>