Date:      Wed, 30 Apr 2003 15:53:04 +0200
From:      Dick Hoogendijk <dick@nagual.st>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   IPF and kernel options
Message-ID:  <20030430135304.GA61089@pooh.nagual.st>

Excuse me if this sounds like newbie first class..
I run a couple of fbsd workstations, but now I want to migrate one to be
the server of my home network.
No big deal, but I need a firewall up-and-running. I've chosen ipf,
read a lot about it and set up my rules, but: looking at the kernel
config I understand that the GENERIC has no firewall support.

LINT shows me quite some "options" but I'm not quite sure which I need
and which not. As said I don't plan using ipfw, so I guess I could leave
out all references to "ipfirewall"? But what about mrouting, ipstealth,
tcpdebug, icmp_bandlim, dummynet, bridge, etc..

=-=-=-from LINT-=-=-=
options 	MROUTING
options 	IPFIREWALL
options 	IPFIREWALL_VERBOSE
options 	IPFIREWALL_FORWARD
options 	IPFIREWALL_VERBOSE_LIMIT=100
options 	IPFIREWALL_DEFAULT_TO_ACCEPT
options 	IPV6FIREWALL
options 	IPV6FIREWALL_VERBOSE
options 	IPV6FIREWALL_VERBOSE_LIMIT=100
options 	IPV6FIREWALL_DEFAULT_TO_ACCEPT
options 	IPDIVERT

options 	IPFILTER		#ipfilter support
options 	IPFILTER_LOG		#ipfilter logging
options 	IPFILTER_DEFAULT_BLOCK	#block all packets by default
options 	IPSTEALTH		#support for stealth forwarding
options 	TCPDEBUG

options 	RANDOM_IP_ID

# Statically link in accept filters
options 	ACCEPT_FILTER_DATA
options 	ACCEPT_FILTER_HTTP

options 	ICMP_BANDLIM

options 	DUMMYNET
options 	BRIDGE
=-=-=-=-end-=-=-=

A reference to a manual I overlooked is welcome too. I'm not lazy. I
just can't find the information needed. Maybe ipfw is the FreeBSD way of
firewalling?

-- 
dick -- http://www.nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.8 ++ Debian GNU/Linux (Woody)


