From owner-freebsd-questions@FreeBSD.ORG Wed Jul 28 21:28:02 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF7BE16A4CE for ; Wed, 28 Jul 2004 21:28:02 +0000 (GMT) Received: from orchid.homeunix.org (avb119.neoplus.adsl.tpnet.pl [83.27.35.119]) by mx1.FreeBSD.org (Postfix) with ESMTP id B88B243D49 for ; Wed, 28 Jul 2004 21:28:01 +0000 (GMT) (envelope-from freebsd@orchid.homeunix.org) Received: from [192.168.1.66] ([192.168.1.66]) (authenticated bits=0) by orchid.homeunix.org (8.12.10/8.12.10) with ESMTP id i6SLRqu8023568 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 28 Jul 2004 23:27:59 +0200 (CEST) (envelope-from freebsd@orchid.homeunix.org) Message-ID: <41081A51.60906@orchid.homeunix.org> Date: Wed, 28 Jul 2004 23:27:45 +0200 From: Karol Kwiatkowski User-Agent: Mozilla/5.0 X-Accept-Language: en, pl, en-us MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20040728190254.82842.qmail@web21522.mail.yahoo.com> In-Reply-To: <20040728190254.82842.qmail@web21522.mail.yahoo.com> X-Enigmail-Version: 0.84.2.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamd / ClamAV version 0.74, clamav-milter version 0.74a on orchid.homeunix.org X-Virus-Status: Clean Subject: Re: Kernel Options X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jul 2004 21:28:03 -0000 bsd hack wrote: > Hi, > I am working with the Kernel config file to optimize it and also to > improve the overall security of the system! Hi, that's good. I'll try to give you some ideas to start inline below: > I have the following quetions: > (1) There are a few options that are not available in the default > kernel... like the IPFIREWALL options(and the like)... I basically need to > know all possible options I can add to the kernel config file! Have a look at /usr/src/sys/i386/conf/NOTES file (assuming your machine architecture is i386, if not look in specific directory): # cat /usr/src/sys/i386/conf/NOTES | head # # NOTES -- Lines that can be cut/pasted into kernel and hints configs. # # This file contains machine dependent kernel configuration notes. For # machine independent notes, look in /sys/conf/NOTES. It points you to another file: usr/src/sys/conf/NOTES. There are options with explanations in both files. Also check FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html > (2) I guess these options can be used to set the kernel variables > accessible through the sysctl command. So can I create my own options so > that I can set a few kernel variables as and when I build the custom > kernel? Any sysctl variable can be set in /etc/sysctl.conf file which is used before system goes to multi-user state. Many of them can be even changed "live". Check man sysctl(8), it will also bring loader.conf(5) to your attention. > Thank you. > > -HKR Good luck, Karol -- Karol Kwiatkowski