Changeset View
Changeset View
Standalone View
Standalone View
head/en_US.ISO8859-1/books/handbook/firewalls/chapter.xml
| Show First 20 Lines • Show All 2,900 Lines • ▼ Show 20 Lines | options IPFILTER_DEFAULT_BLOCK</programlisting> | ||||
| will also enable logging and <literal>default pass | will also enable logging and <literal>default pass | ||||
| all</literal>. To change the default policy to | all</literal>. To change the default policy to | ||||
| <literal>block all</literal> without compiling a custom | <literal>block all</literal> without compiling a custom | ||||
| kernel, remember to add a <literal>block all</literal> rule at | kernel, remember to add a <literal>block all</literal> rule at | ||||
| the end of the ruleset.</para> | the end of the ruleset.</para> | ||||
| <programlisting>ipfilter_enable="YES" # Start ipf firewall | <programlisting>ipfilter_enable="YES" # Start ipf firewall | ||||
| ipfilter_rules="/etc/ipf.rules" # loads rules definition text file | ipfilter_rules="/etc/ipf.rules" # loads rules definition text file | ||||
| ipv6_ipfilter_rules="/etc/ipf6.rules" # loads rules definition text file for IPv6 | |||||
| ipmon_enable="YES" # Start IP monitor log | ipmon_enable="YES" # Start IP monitor log | ||||
| ipmon_flags="-Ds" # D = start as daemon | ipmon_flags="-Ds" # D = start as daemon | ||||
| # s = log to syslog | # s = log to syslog | ||||
| # v = log tcp window, ack, seq | # v = log tcp window, ack, seq | ||||
| # n = map IP & port to names</programlisting> | # n = map IP & port to names</programlisting> | ||||
| <para>If <acronym>NAT</acronym> functionality is needed, also | <para>If <acronym>NAT</acronym> functionality is needed, also | ||||
| add these lines:</para> | add these lines:</para> | ||||
| ▲ Show 20 Lines • Show All 1,333 Lines • Show Last 20 Lines | |||||