Yes Virginia, you can enable firewalls from /etc/rc.conf.

PR:		docs/10388 (Dima Sivachenko dima@Chg.RU)
Tim Vanderhoek 1999-05-25 17:05:50 +00:00
parent d6f67f3455
commit f81e290e56
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=4946
3 changed files with 39 additions and 60 deletions


@ -1,7 +1,7 @@
<!-- <!--
The FreeBSD Documentation Project The FreeBSD Documentation Project
$Id: chapter.sgml,v 1.14 1999-05-16 13:26:28 nik Exp $ $Id: chapter.sgml,v 1.15 1999-05-25 17:05:50 hoek Exp $
--> -->
<chapter id="security"> <chapter id="security">
@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
is located on.</para> is located on.</para>
</note> </note>
<para>As currently supplied, FreeBSD does not have the ability to load <para>You should enable your firewall from
firewall rules at boot time. My suggestion is to put a call to a <filename>/etc/rc.conf.local</filename> or
shell script in the <filename>/etc/netstart</filename> script. Put <filename>/etc/rc.conf</filename>. The associated manpage explains
the call early enough in the netstart file so that the firewall is which knobs to fiddle and lists some preset firewall configurations.
configured before any of the IP interfaces are configured. This means If you do not use a preset configuration, <command>ipfw list</command>
that there is no window during which time your network is open.</para> will output the current ruleset into a file that you can
pass to <filename>rc.conf</filename>. If you do not use
<para>The actual script used to load the rules is entirely up to you. <filename>/etc/rc.conf.local</filename> or
There is currently no support in the <command>ipfw</command> utility <filename>/etc/rc.conf</filename> to enable your firewall,
for loading multiple rules in the one command. The system I use is to it is important to make sure your firewall is enabled before
use the command:</para> any IP interfaces are configured.
</para>
<screen>&prompt.root; <userinput>ipfw list</userinput></screen>
<para>to write a list of the current rules out to a file, and then use a
text editor to prepend <literal>ipfw </literal> before all the lines.
This will allow the script to be fed into /bin/sh and reload the rules
into the kernel. Perhaps not the most efficient way, but it
works.</para>
<para>The next problem is what your firewall should actually <para>The next problem is what your firewall should actually
<emphasis>do</emphasis>! This is largely dependent on what access to <emphasis>do</emphasis>! This is largely dependent on what access to
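Review bot: The new sentence "ipfw list will output the current ruleset into a file that you can pass to rc.conf" is misleading as worded. The removed screen example shows the command as a bare "ipfw list" with no file argument, so it is the reader who has to save the output to a file, and the new paragraph never says which rc.conf setting takes that file. The removed text also noted that "ipfw " had to be prepended to each line before the file could be fed to /bin/sh; the replacement does not say whether the saved listing can be used unmodified. Suggest rewording to "save the output of ipfw list to a file", naming the variable that points at it, and stating the expected file format.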


@ -1,7 +1,7 @@
<!-- <!--
The FreeBSD Documentation Project The FreeBSD Documentation Project
$Id: chapter.sgml,v 1.14 1999-05-16 13:26:28 nik Exp $ $Id: chapter.sgml,v 1.15 1999-05-25 17:05:50 hoek Exp $
--> -->
<chapter id="security"> <chapter id="security">
@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
is located on.</para> is located on.</para>
</note> </note>
<para>As currently supplied, FreeBSD does not have the ability to load <para>You should enable your firewall from
firewall rules at boot time. My suggestion is to put a call to a <filename>/etc/rc.conf.local</filename> or
shell script in the <filename>/etc/netstart</filename> script. Put <filename>/etc/rc.conf</filename>. The associated manpage explains
the call early enough in the netstart file so that the firewall is which knobs to fiddle and lists some preset firewall configurations.
configured before any of the IP interfaces are configured. This means If you do not use a preset configuration, <command>ipfw list</command>
that there is no window during which time your network is open.</para> will output the current ruleset into a file that you can
pass to <filename>rc.conf</filename>. If you do not use
<para>The actual script used to load the rules is entirely up to you. <filename>/etc/rc.conf.local</filename> or
There is currently no support in the <command>ipfw</command> utility <filename>/etc/rc.conf</filename> to enable your firewall,
for loading multiple rules in the one command. The system I use is to it is important to make sure your firewall is enabled before
use the command:</para> any IP interfaces are configured.
</para>
<screen>&prompt.root; <userinput>ipfw list</userinput></screen>
<para>to write a list of the current rules out to a file, and then use a
text editor to prepend <literal>ipfw </literal> before all the lines.
This will allow the script to be fed into /bin/sh and reload the rules
into the kernel. Perhaps not the most efficient way, but it
works.</para>
<para>The next problem is what your firewall should actually <para>The next problem is what your firewall should actually
<emphasis>do</emphasis>! This is largely dependent on what access to <emphasis>do</emphasis>! This is largely dependent on what access to
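Review bot: "The associated manpage" in the second sentence of the new paragraph has nothing a reader can look up: the paragraph names two files, /etc/rc.conf.local and /etc/rc.conf, but no manual page. Suggest naming the page and its section explicitly with the usual manual-reference markup, and replacing "which knobs to fiddle" with the names of the variables involved so the passage can be searched for.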


@ -1,7 +1,7 @@
<!-- <!--
The FreeBSD Documentation Project The FreeBSD Documentation Project
$Id: chapter.sgml,v 1.14 1999-05-16 13:26:28 nik Exp $ $Id: chapter.sgml,v 1.15 1999-05-25 17:05:50 hoek Exp $
--> -->
<chapter id="security"> <chapter id="security">
@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
is located on.</para> is located on.</para>
</note> </note>
<para>As currently supplied, FreeBSD does not have the ability to load <para>You should enable your firewall from
firewall rules at boot time. My suggestion is to put a call to a <filename>/etc/rc.conf.local</filename> or
shell script in the <filename>/etc/netstart</filename> script. Put <filename>/etc/rc.conf</filename>. The associated manpage explains
the call early enough in the netstart file so that the firewall is which knobs to fiddle and lists some preset firewall configurations.
configured before any of the IP interfaces are configured. This means If you do not use a preset configuration, <command>ipfw list</command>
that there is no window during which time your network is open.</para> will output the current ruleset into a file that you can
pass to <filename>rc.conf</filename>. If you do not use
<para>The actual script used to load the rules is entirely up to you. <filename>/etc/rc.conf.local</filename> or
There is currently no support in the <command>ipfw</command> utility <filename>/etc/rc.conf</filename> to enable your firewall,
for loading multiple rules in the one command. The system I use is to it is important to make sure your firewall is enabled before
use the command:</para> any IP interfaces are configured.
</para>
<screen>&prompt.root; <userinput>ipfw list</userinput></screen>
<para>to write a list of the current rules out to a file, and then use a
text editor to prepend <literal>ipfw </literal> before all the lines.
This will allow the script to be fed into /bin/sh and reload the rules
into the kernel. Perhaps not the most efficient way, but it
works.</para>
<para>The next problem is what your firewall should actually <para>The next problem is what your firewall should actually
<emphasis>do</emphasis>! This is largely dependent on what access to <emphasis>do</emphasis>! This is largely dependent on what access to
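Review bot: The last sentence of the new paragraph keeps the requirement that the firewall be enabled before any IP interfaces are configured, but drops both the reason and the mechanism that the removed text gave: "there is no window during which time your network is open" and the call placed early in /etc/netstart. A reader who does not use rc.conf is now told what must hold without being told why or where to hook the rules in. Suggest keeping one clause with the rationale and saying which startup script such a reader should edit.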