head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
options IPFILTER_DEFAULT_BLOCK</programlisting> | ||||
will also enable logging and <literal>default pass | will also enable logging and <literal>default pass | ||||
all</literal>. To change the default policy to | all</literal>. To change the default policy to | ||||
<literal>block all</literal> without compiling a custom | <literal>block all</literal> without compiling a custom | ||||
kernel, remember to add a <literal>block all</literal> rule at | kernel, remember to add a <literal>block all</literal> rule at | ||||
the end of the ruleset.</para> | the end of the ruleset.</para> | ||||
<programlisting>ipfilter_enable="YES" # Start ipf firewall | <programlisting>ipfilter_enable="YES" # Start ipf firewall | ||||
ipfilter_rules="/etc/ipf.rules" # loads rules definition text file | ipfilter_rules="/etc/ipf.rules" # loads rules definition text file | ||||
ipv6_ipfilter_rules="/etc/ipf6.rules" # loads rules definition text file for IPv6 | |||||
ipmon_enable="YES" # Start IP monitor log | ipmon_enable="YES" # Start IP monitor log | ||||
ipmon_flags="-Ds" # D = start as daemon | ipmon_flags="-Ds" # D = start as daemon | ||||
# s = log to syslog | # s = log to syslog | ||||
# v = log tcp window, ack, seq | # v = log tcp window, ack, seq | ||||
# n = map IP & port to names</programlisting> | # n = map IP & port to names</programlisting> | ||||
<para>If <acronym>NAT</acronym> functionality is needed, also | <para>If <acronym>NAT</acronym> functionality is needed, also | ||||
add these lines:</para> | add these lines:</para> | ||||
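Review bot: the `ipv6_ipfilter_rules="/etc/ipf6.rules"` entry in the rc.conf listing is present only in the left-hand column of this hunk, so the listing on the right no longer shows an IPv6 ruleset being loaded, and nothing in the surrounding paragraphs explains why. The paragraph just above states that the policy is `default pass all` unless a `block all` rule ends the ruleset, so a reader who follows the right-hand listing could end up with IPv4 filtered and IPv6 passing by default. Please add a sentence next to the listing saying where IPv6 rules are expected to live after this change, or that the variable is no longer needed, so the removal is documented in the text. A smaller point on the unchanged comment lines: the flag legend describes `v` and `n`, but `ipmon_flags="-Ds"` sets neither; noting that those two are optional would avoid confusion.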