From owner-freebsd-questions  Wed Sep 30 01:20:21 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA21956
          for freebsd-questions-outgoing; Wed, 30 Sep 1998 01:20:21 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from ns.cityip.co.za (ns.cityip.co.za [196.25.223.140])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA21690
          for <questions@freebsd.org>; Wed, 30 Sep 1998 01:18:52 -0700 (PDT)
          (envelope-from wjv@cityip.co.za)
Received: from wjv by ns.cityip.co.za with local (Exim 1.82 #2)
	id 0zOHS5-0007Kg-00; Wed, 30 Sep 1998 10:17:37 +0200
Message-ID: <19980930101737.F28108@cityip.co.za>
Date: Wed, 30 Sep 1998 10:17:37 +0200
From: Johann Visagie <wjv@cityip.co.za>
To: Shawn Ramsey <shawn@cpl.net>, questions@FreeBSD.ORG
Subject: Re: IPFIREWALL
Mail-Followup-To: Shawn Ramsey <shawn@cpl.net>, questions@FreeBSD.ORG
References: <19980929231837.53365@cpl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <19980929231837.53365@cpl.net>; from Shawn Ramsey on Tue, Sep 29, 1998 at 11:18:37PM -0700
X-PGP: ftp://ftp.cityip.co.za/users/wjv/pubkey.asc
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 29 Sep 1998 at 23:18 SAT, Shawn Ramsey wrote:
>
> Do I need both of these options, or just one or the other ? 
> 
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_VERBOSE      #print information about

The first options enables the kernel's ipfw support.  If you've enabled the
first option, then enabling the second one as well allows you to log accepted
or rejected packages to syslog.  This is _highly_ recommended;  personally, I
think the ability to log is about 90% of ipfw's usefulness.

Also note that there's an IPFIREWALL_VERBOSE_LIMIT option.  You can use this
to limit the number of messages logged to syslog, in order to prevent
denial-of-service attacks (attackers intentionally filling up your filesystem
with logs by sending you packets which your server rejects and logs).

-- V

Johann Visagie | Email: wjv@CityIP.co.za | Tel: +27 21 419-7878

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message