Date:      Fri, 6 Oct 2000 10:54:48 +0200 (IST)
From:      Roman Shterenzon <roman@xpert.com>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Default Deny
Message-ID:  <Pine.LNX.4.10.10010061052460.27303-100000@jamus.xpert.com>
In-Reply-To: <xzpya02e6lb.fsf@flood.ping.uio.no>

On 6 Oct 2000, Dag-Erling Smorgrav wrote:

> Roman Shterenzon <roman@xpert.com> writes:
> > The ipfilter in freebsd seems cursed or abandoned.
> > Example: this option is not documented.
> > Another example: there're no hooks to start ipfilter from /etc/rc*
> even though there's PR: 20202
> 
> Put this in your rc.conf:
> 
> firewall_enable="YES"
> firewall_script="/etc/firewall"
> 
> Where /etc/firewall is a shell script that sets up your firewall.

Excerpt from /etc/rc.network:

        case ${firewall_enable} in
        [Yy][Ee][Ss])
                if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
                        firewall_in_kernel=1
                        echo "Kernel firewall module loaded."
                elif [ "${firewall_in_kernel}" -eq 0 ]; then
                        echo "Warning: firewall kernel module failed to load."
                fi
                ;;
        esac


..
So obviously this hook is not really right.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]


