From owner-dev-commits-src-main@freebsd.org Thu Mar 18 17:40:14 2021
Date: Thu, 18 Mar 2021 17:40:14 GMT
Message-Id: <202103181740.12IHeE44069846@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Daniel Ebdrup Jensen
Subject: git: c39dda81923a - main - rc.conf(5): Document the 'workstation' firewall_type
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: debdrup
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c39dda81923a26116241fbe996351133c86ad97a
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-src-main@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for the main branch of the src repository
X-List-Received-Date: Thu, 18 Mar 2021 17:40:14 -0000

The branch main has been updated by debdrup (doc committer):

URL: https://cgit.FreeBSD.org/src/commit/?id=c39dda81923a26116241fbe996351133c86ad97a

commit c39dda81923a26116241fbe996351133c86ad97a
Author: Tobias Rehbein
AuthorDate: 2021-03-18 17:01:09 +0000
Commit: Daniel Ebdrup Jensen
CommitDate: 2021-03-18 17:39:24 +0000

rc.conf(5): Document the 'workstation' firewall_type

Document the workstation ACL ruleset, which uses stateful rules.

While here, add a note about where some of the undocumented variables can be found. This is not a perfect solution for bug 127359, but it at least gives a place to go look, and can be used as a reference for when bug 127359 gets fixed properly.

PR: 254358, 127359

--- share/man/man5/rc.conf.5 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index fef0f167d1a5..ddf4ea120df5 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -539,7 +539,7 @@ Valid selections from .Pa /etc/rc.firewall are: .Pp -.Bl -tag -width ".Li simple" -compact +.Bl -tag -width ".Li workstation" -compact .It Li open unrestricted IP access .It Li closed 
@@ -547,12 +547,18 @@ all IP services disabled, except via .Dq Li lo0 .It Li client basic protection for a workstation +.It Li workstation +basic protection for a workstation using stateful firewalling .It Li simple basic protection for a LAN. .El .Pp If a filename is specified, the full path must be given. +.Pp +Most of the predefined rulesets define additional configuration variables. +These are documented in +.Pa /etc/rc.firewall . .It Va firewall_quiet .Pq Vt bool Set to
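
Review bot: the `.Dd` date of rc.conf.5 is not bumped, although the first hunk (@@ -539,7 +539,7 @@) and the one after it change the page's content. The diffstat's 7 insertions and 1 deletion are fully accounted for by the `-width` change and the six added lines, so no date line is touched anywhere in the file. Please update `.Dd` in the same commit so readers of the rendered page can tell the firewall_type list changed.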
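
Review bot: in the second hunk (@@ -547,12 +547,18 @@) the new `.It Li workstation` entry, "basic protection for a workstation using stateful firewalling", differs from the `client` entry directly above it only by its trailing clause, so an administrator choosing a firewall_type cannot tell from the page which of the two applies to their host. Suggest wording the two entries so the difference is explicit, for example by saying on the `workstation` line that it is the stateful ruleset the commit message describes. The added paragraph "Most of the predefined rulesets define additional configuration variables" has the same weakness: it names neither the rulesets nor the variables, so it would help to say where in `/etc/rc.firewall` they are described, or to list the variable names per ruleset once bug 127359 is addressed.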