Date: Wed, 30 Sep 1998 10:17:37 +0200 From: Johann Visagie <wjv@cityip.co.za> To: Shawn Ramsey <shawn@cpl.net>, questions@FreeBSD.ORG Subject: Re: IPFIREWALL Message-ID: <19980930101737.F28108@cityip.co.za> In-Reply-To: <19980929231837.53365@cpl.net>; from Shawn Ramsey on Tue, Sep 29, 1998 at 11:18:37PM -0700 References: <19980929231837.53365@cpl.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Sep 1998 at 23:18 SAT, Shawn Ramsey wrote: > > Do I need both of these options, or just one or the other ? > > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #print information about The first options enables the kernel's ipfw support. If you've enabled the first option, then enabling the second one as well allows you to log accepted or rejected packages to syslog. This is _highly_ recommended; personally, I think the ability to log is about 90% of ipfw's usefulness. Also note that there's an IPFIREWALL_VERBOSE_LIMIT option. You can use this to limit the number of messages logged to syslog, in order to prevent denial-of-service attacks (attackers intentionally filling up your filesystem with logs by sending you packets which your server rejects and logs). -- V Johann Visagie | Email: wjv@CityIP.co.za | Tel: +27 21 419-7878 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980930101737.F28108>