- remove WIP note from the IPFW section, I don't think it belongs there,
all documentation is actually WIP... - add a note that IPFW now supports both IPv4 and IPv6 - remove now obsoleted IPV6FIREWALL* options (see http://lists.freebsd.org/pipermail/freebsd-questions/2008-December/189329.html) Inspired by: http://forums.freebsd.org/showthread.php?t=1110
This commit is contained in:
Daniel Gerzo
parent
cbefc858e6
commit
64579782ad
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=33514
1 changed files with 4 additions and 16 deletions
|
|
@ -2124,11 +2124,6 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
|
|||
<secondary>IPFW</secondary>
|
||||
</indexterm>
|
||||
|
||||
<note>
|
||||
<para>This section is work in progress. The contents might
|
||||
not be accurate at all times.</para>
|
||||
</note>
|
||||
|
||||
<para>The IPFIREWALL (IPFW) is a &os; sponsored firewall software
|
||||
application authored and maintained by &os; volunteer staff
|
||||
members. It uses the legacy stateless rules and a legacy rule
|
||||
|
|
@ -2136,7 +2131,8 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
|
|||
Stateful logic.</para>
|
||||
|
||||
<para>The IPFW sample rule set (found in
|
||||
<filename>/etc/rc.firewall</filename>) in the standard &os;
|
||||
<filename>/etc/rc.firewall</filename> and
|
||||
<filename>/etc/rc.firewall6</filename>) in the standard &os;
|
||||
install is rather simple and it is not expected that it used
|
||||
directly without modifications. The example does not use
|
||||
stateful filtering, which is beneficial in most setups, so it
|
||||
|
|
@ -2159,7 +2155,8 @@ pass in quick on rl0 proto tcp from any to any port = 20 flags S keep state</pro
|
|||
rule which triggers the <acronym>NAT</acronym> facility, and the
|
||||
advanced special purpose facilities, the dummynet traffic shaper
|
||||
facilities, the 'fwd rule' forward facility, the bridge
|
||||
facility, and the ipstealth facility.</para>
|
||||
facility, and the ipstealth facility. IPFW supports both IPv4
|
||||
and IPv6.</para>
|
||||
|
||||
<sect2 id="firewalls-ipfw-enable">
|
||||
<title>Enabling IPFW</title>
|
||||
|
|
@ -2256,15 +2253,6 @@ net.inet.ip.fw.verbose_limit=5</programlisting>
|
|||
firewall by default, which is a good idea when you are first
|
||||
setting up your firewall.</para>
|
||||
|
||||
<programlisting>options IPV6FIREWALL
|
||||
options IPV6FIREWALL_VERBOSE
|
||||
options IPV6FIREWALL_VERBOSE_LIMIT
|
||||
options IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
|
||||
|
||||
<para>These options are exactly the same as the IPv4 options but
|
||||
they are for IPv6. If you do not use IPv6 you might want to
|
||||
use IPV6FIREWALL without any rules to block all IPv6</para>
|
||||
|
||||
<indexterm>
|
||||
<primary>kernel options</primary>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue