Date: Wed, 30 Apr 2003 15:53:04 +0200 From: Dick Hoogendijk <dick@nagual.st> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: IPF and kernel options Message-ID: <20030430135304.GA61089@pooh.nagual.st>
next in thread | raw e-mail | index | archive | help
Excuse me if this sounds like newbie first class.. I run a couple of fbsd workstations, but now I want to migrate one to be the server of my homenetwork. No big deal, but I need a firewall up-and-running. I've chosen for ipf, read a lot about it and set up my rules, but: looking at the kernel config I understand that the GENERIC has no firewall support. LINT shows me quite some "options" but I'm not quite sure which I need and which not. As said I don't plan using ipfw, so I guess I could leave out all references to "ipfirewall"? But what about mrouting, ipstealth, tcpdebug, icmp_bandlim, dummynet, bridge, etc.. =-=-=-from LINT-=-=-= options MROUTING options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE_LIMIT=100 options IPFIREWALL_DEFAULT_TO_ACCEPT options IPV6FIREWALL options IPV6FIREWALL_VERBOSE options IPV6FIREWALL_VERBOSE_LIMIT=100 options IPV6FIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT options IPFILTER #ipfilter support options IPFILTER_LOG #ipfilter logging options IPFILTER_DEFAULT_BLOCK #block all packets by default options IPSTEALTH #support for stealth forwarding options TCPDEBUG options RANDOM_IP_ID # Statically link in accept filters options ACCEPT_FILTER_DATA options ACCEPT_FILTER_HTTP options ICMP_BANDLIM options DUMMYNET options BRIDGE =-=-=-=-end-=-=-= A reference to a manual I overlooked it welcome too. I'm not lazy. I just can't find the information needed. Maybe ipfw is the FreeBSD way of firewalling? -- dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE ++ Running FreeBSD 4.8 ++ Debian GNU/Linux (Woody)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030430135304.GA61089>