Date: Thu, 18 Dec 1997 11:15:02 -0500 (EST)
From: Adam Shostack <adam@homeport.org>
To: firewall-wizards@nfr.net (Firewall Wizards List), freebsd-security@FreeBSD.ORG
Subject: Kernel options for FW?
Message-ID: <199712181615.LAA14478@homeport.org>

(This is not meant to spark a religious war. I'm asking for help
configuring a kernel, and comparing kernel security features between
FreeBSD and NetBSD to make a reasonable decision.)

On NetBSD, I'd enable the following options. I can't find equivalents
to these on FreeBSD. Do they exist, and what are they?

Also, I know FreeBSD sets kernel security wrong (-1) by default, and
that needs to be fixed. Are there other things that I should know
about on FreeBSD to do everything right?

    options IPFORWSRCRT=0           # Turn off source routing.
    options IPNOPRIVPORTS           # Remove concept of priv'd ports so BIND doesn't
                                    # need to run as root.
    options IPFILTER_DEFAULT_BLOCK  # Put my FW policy in the kernel.
    options FDSCRIPTS               # Allow a script to be run if it is x only, by
                                    # passing a file descriptor to the interpreter,
                                    # avoiding some race conditions.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume