diff --git a/en/handbook/security/chapter.sgml b/en/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 --- a/en/handbook/security/chapter.sgml +++ b/en/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ @@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 is located on. - As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the /etc/netstart script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open. - - The actual script used to load the rules is entirely up to you. - There is currently no support in the ipfw utility - for loading multiple rules in the one command. The system I use is to - use the command: - - &prompt.root; ipfw list - - to write a list of the current rules out to a file, and then use a - text editor to prepend ipfw before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works. + You should enable your firewall from + /etc/rc.conf.local or + /etc/rc.conf. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, ipfw list + will output the current ruleset into a file that you can + pass to rc.conf. If you do not use + /etc/rc.conf.local or + /etc/rc.conf to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + The next problem is what your firewall should actually do! This is largely dependent on what access to diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ @@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 is located on. - As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the /etc/netstart script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open. - - The actual script used to load the rules is entirely up to you. - There is currently no support in the ipfw utility - for loading multiple rules in the one command. The system I use is to - use the command: - - &prompt.root; ipfw list - - to write a list of the current rules out to a file, and then use a - text editor to prepend ipfw before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works. + You should enable your firewall from + /etc/rc.conf.local or + /etc/rc.conf. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, ipfw list + will output the current ruleset into a file that you can + pass to rc.conf. If you do not use + /etc/rc.conf.local or + /etc/rc.conf to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + The next problem is what your firewall should actually do! This is largely dependent on what access to diff --git a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 --- a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml 
+++ b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ @@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 is located on. - As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the /etc/netstart script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open. - - The actual script used to load the rules is entirely up to you. - There is currently no support in the ipfw utility - for loading multiple rules in the one command. The system I use is to - use the command: - - &prompt.root; ipfw list - - to write a list of the current rules out to a file, and then use a - text editor to prepend ipfw before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works. + You should enable your firewall from + /etc/rc.conf.local or + /etc/rc.conf. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, ipfw list + will output the current ruleset into a file that you can + pass to rc.conf. If you do not use + /etc/rc.conf.local or + /etc/rc.conf to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + The next problem is what your firewall should actually do! This is largely dependent on what access to
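Review bot: In the added paragraph of the -1529,25 +1529,18 hunk, the sentence "ipfw list will output the current ruleset into a file that you can pass to rc.conf" is inaccurate as worded. ipfw list prints the rules to standard output and does not write a file itself, and the paragraph being removed noted that the listing had to be edited (ipfw prepended to every line) before it could be fed back in. Suggest saying that the output must be redirected to a file, stating what form that file needs in order to be reloaded, and naming the rc.conf variable that takes it rather than "pass to rc.conf". "The associated manpage" should name the page it means. The closing sentence would also be stronger if it kept the removed rationale that configuring the firewall before any IP interface leaves no window during which the network is open. The same wording appears in the copies under en/, en_US.ISO8859-1/ and en_US.ISO_8859-1/, so the change applies to all three.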