From f81e290e562ac20ceb2e059ea7ec00630032d187 Mon Sep 17 00:00:00 2001 From: Tim Vanderhoek Date: Tue, 25 May 1999 17:05:50 +0000 Subject: [PATCH] Yes Virginia, you can enable firewalls from /etc/rc.conf. PR: docs/10388 (Dima Sivachenko dima@Chg.RU) --- en/handbook/security/chapter.sgml | 33 ++++++++----------- .../books/handbook/security/chapter.sgml | 33 ++++++++----------- .../books/handbook/security/chapter.sgml | 33 ++++++++----------- 3 files changed, 39 insertions(+), 60 deletions(-) diff --git a/en/handbook/security/chapter.sgml b/en/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 --- a/en/handbook/security/chapter.sgml +++ b/en/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ 
@@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 is located on. - As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the /etc/netstart script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open. - - The actual script used to load the rules is entirely up to you. - There is currently no support in the ipfw utility - for loading multiple rules in the one command. The system I use is to - use the command: - - &prompt.root; ipfw list - - to write a list of the current rules out to a file, and then use a - text editor to prepend ipfw before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works. + You should enable your firewall from + /etc/rc.conf.local or + /etc/rc.conf. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, ipfw list + will output the current ruleset into a file that you can + pass to rc.conf. If you do not use + /etc/rc.conf.local or + /etc/rc.conf to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + The next problem is what your firewall should actually do! This is largely dependent on what access to diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 --- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ 
@@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 is located on. - As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the /etc/netstart script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open. - - The actual script used to load the rules is entirely up to you. - There is currently no support in the ipfw utility - for loading multiple rules in the one command. The system I use is to - use the command: - - &prompt.root; ipfw list - - to write a list of the current rules out to a file, and then use a - text editor to prepend ipfw before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works. + You should enable your firewall from + /etc/rc.conf.local or + /etc/rc.conf. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, ipfw list + will output the current ruleset into a file that you can + pass to rc.conf. If you do not use + /etc/rc.conf.local or + /etc/rc.conf to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + The next problem is what your firewall should actually do! This is largely dependent on what access to diff --git a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 --- a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ 
@@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995 is located on. - As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the /etc/netstart script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open. - - The actual script used to load the rules is entirely up to you. - There is currently no support in the ipfw utility - for loading multiple rules in the one command. The system I use is to - use the command: - - &prompt.root; ipfw list - - to write a list of the current rules out to a file, and then use a - text editor to prepend ipfw before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works. + You should enable your firewall from + /etc/rc.conf.local or + /etc/rc.conf. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, ipfw list + will output the current ruleset into a file that you can + pass to rc.conf. If you do not use + /etc/rc.conf.local or + /etc/rc.conf to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + The next problem is what your firewall should actually do! This is largely dependent on what access to
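Review bot: In the added paragraph of the @@ -1529,25 +1529,18 @@ hunk, the sentence "ipfw list will output the current ruleset into a file that you can pass to rc.conf" leaves out steps the removed text spelled out: the reader has to write the output to a file themselves, and the removed paragraph said "ipfw" had to be prepended to every line before the file could be fed to /bin/sh. Say what form the saved file must take to be loadable at boot and which rc.conf setting points at it, because "pass to rc.conf" does not tell the reader how. The same wording appears in all three copies of chapter.sgml touched by this patch, so the fix is needed in each.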
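Review bot: The final added sentence of the @@ -1529,25 +1529,18 @@ hunk ("it is important to make sure your firewall is enabled before any IP interfaces are configured") keeps the ordering requirement but loses the reason the removed text gave, namely that otherwise there is a window during which the network is open, and it no longer says where a reader who does not use rc.conf should load the rules (the removed text named /etc/netstart). Suggest keeping a one-line rationale and either naming the place to hook the rules in or saying plainly that rc.conf is the only supported route. Separately, "The associated manpage" in the same paragraph does not identify which manpage is meant; name it explicitly so the reader can find the knobs and preset configurations it refers to.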