Date: Fri, 6 Oct 2000 10:54:48 +0200 (IST) From: Roman Shterenzon <roman@xpert.com> To: Dag-Erling Smorgrav <des@ofug.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Default Deny Message-ID: <Pine.LNX.4.10.10010061052460.27303-100000@jamus.xpert.com> In-Reply-To: <xzpya02e6lb.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6 Oct 2000, Dag-Erling Smorgrav wrote: > Roman Shterenzon <roman@xpert.com> writes: > > The ipfilter in freebsd seems cursed or abandoned. > > Example: this option is not documented. > > Another example: there're no hooks to start ipfilter from /etc/rc* > > eventhough there's PR: 20202 > > Put this in your rc.conf: > > firewall_enable="YES" > firewall_script="/etc/firewall" > > Where /etc/firewall is a shell script that sets up your firewall. Excerpt from /etc/rc.network: case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac .. So obviously this hook is not really right. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.10010061052460.27303-100000>