diff options
| author | Zhenlei Huang <zlei@FreeBSD.org> | 2023-09-28 04:58:44 +0000 |
|---|---|---|
| committer | Zhenlei Huang <zlei@FreeBSD.org> | 2023-09-28 04:58:44 +0000 |
| commit | 12349f38898f231ca803dcf526bac88cb1b5cd2b (patch) | |
| tree | 31b60f9e537e90f380c45880a520a9dda8d5b1f0 | |
| parent | fc4a6768272ea9e943661e0c34ff436dac872ac7 (diff) | |
| download | src-12349f38898f231ca803dcf526bac88cb1b5cd2b.tar.gz src-12349f38898f231ca803dcf526bac88cb1b5cd2b.zip | |
ipfw.8: Adjust section for loader tunables
Move the descriptions of loader tunables from section 'SYSCTL VARIABLES'
to section 'LOADER TUNABLES'.
See also 49197c391b3d (ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables).
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D41981
| -rw-r--r-- | sbin/ipfw/ipfw.8 | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 1a042ae2bbbf..e62b8d6efc95 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,5 +1,5 @@ .\" -.Dd April 25, 2023 +.Dd September 28, 2023 .Dt IPFW 8 .Os .Sh NAME @@ -3761,6 +3761,16 @@ or .Xr kenv 1 before ipfw module gets loaded. .Bl -tag -width indent +.It Va net.inet.ip.fw.enable : No 1 +Enables the firewall. +Setting this variable to 0 lets you run your machine without +firewall even if compiled in. +.It Va net.inet6.ip6.fw.enable : No 1 +provides the same functionality as above for the IPv6 case. +.It Va net.link.ether.ipfw : No 0 +Controls whether layer2 packets are passed to +.Nm . +Default is no. .It Va net.inet.ip.fw.default_to_accept : No 0 Defines ipfw last rule behavior. This value overrides @@ -4154,12 +4164,6 @@ Keep dynamic states on rule/set deletion. States are relinked to default rule (65535). This can be handly for ruleset reload. Turned off by default. -.It Va net.inet.ip.fw.enable : No 1 -Enables the firewall. -Setting this variable to 0 lets you run your machine without -firewall even if compiled in. -.It Va net.inet6.ip6.fw.enable : No 1 -provides the same functionality as above for the IPv6 case. .It Va net.inet.ip.fw.one_pass : No 1 When set, the packet exiting from the .Nm dummynet @@ -4176,10 +4180,6 @@ Enables verbose messages. Limits the number of messages produced by a verbose firewall. .It Va net.inet6.ip6.fw.deny_unknown_exthdrs : No 1 If enabled packets with unknown IPv6 Extension Headers will be denied. -.It Va net.link.ether.ipfw : No 0 -Controls whether layer2 packets are passed to -.Nm . -Default is no. .It Va net.link.bridge.ipfw : No 0 Controls whether bridged packets are passed to .Nm . |