2 Kernel Options

To use IPFW, support for it must be compiled into the kernel. For more information on how to recompile the kernel, please see the kernel configuration section in the Handbook. The following options must be added to your kernel configuration file for IPFW support:

options IPFIREWALL

Enables the kernel firewall code.

Note: This document assumes that you are running FreeBSD 5.X. Users running FreeBSD 4.X will need to recompile their kernels with IPFW2 support. FreeBSD 4.X users should consult the ipfw(8) manual page for more information on using IPFW2 on their systems, and should pay particular attention to the USING IPFW2 IN FreeBSD-STABLE section.

options IPFIREWALL_VERBOSE

Sends logged packets to the system logger.

options IPFIREWALL_VERBOSE_LIMIT=500

Limits the number of times a matching entry may be logged. This allows you to log firewall activity without the risk of syslog flooding in the event of a denial of service attack. 500 is a reasonable number to use, but may be adjusted based on your requirements.
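
As an added example (not part of the original document), the shell function below checks a kernel configuration file for the three options described in this section before the kernel is built. The helper name check_ipfw_opts and the sample MYKERNEL configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel config file for the three IPFW options above.
# check_ipfw_opts is a hypothetical helper name, not a FreeBSD tool.
check_ipfw_opts() {
    awk '
    { sub(/#.*/, "") }                  # ignore comments
    $1 == "options" {                   # "options NAME" or "options NAME=VALUE"
        n = split($2, kv, "=")
        seen[kv[1]] = 1
        if (n > 1) val[kv[1]] = kv[2]
    }
    END {
        rc = 0
        if (!("IPFIREWALL" in seen)) {
            print "MISSING IPFIREWALL: firewall code not compiled in"; rc = 1
        }
        if (!("IPFIREWALL_VERBOSE" in seen)) {
            print "MISSING IPFIREWALL_VERBOSE: logged packets are not sent to the system logger"; rc = 1
        }
        if (!("IPFIREWALL_VERBOSE_LIMIT" in seen)) {
            print "MISSING IPFIREWALL_VERBOSE_LIMIT: no log limit set, syslog can be flooded"; rc = 1
        } else if (val["IPFIREWALL_VERBOSE_LIMIT"] !~ /^[1-9][0-9]*$/) {
            print "BAD IPFIREWALL_VERBOSE_LIMIT: expected a positive integer"; rc = 1
        }
        if (rc == 0) print "OK: all IPFW options present, log limit " val["IPFIREWALL_VERBOSE_LIMIT"]
        exit rc
    }' "$1"
}

# Constructed sample config (MYKERNEL is a made-up name) for a stand-alone run.
conf=$(mktemp)
cat > "$conf" <<'EOF'
ident   MYKERNEL
options IPFIREWALL                  # kernel firewall code
options IPFIREWALL_VERBOSE
#options IPFIREWALL_VERBOSE_LIMIT=500
EOF
check_ipfw_opts "$conf" || echo "fix the kernel config before building"
rm -f "$conf"
```

The function returns non-zero when an option is missing or the limit is not a positive integer, so it can gate a kernel build script.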

Warning: Once the kernel recompile has been completed, do not reboot your system. Until a ruleset is loaded, IPFW's default rule denies all traffic, so rebooting at this point may lock you out of your own system. Reboot only once the ruleset is in place and all the relevant configuration files have been updated.

Generated: 2007-01-26 17:58:38