aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Rehbein <tobias.rehbein@web.de>2021-03-18 17:01:09 +0000
committerDaniel Ebdrup Jensen <debdrup@FreeBSD.org>2021-03-18 17:39:24 +0000
commitc39dda81923a26116241fbe996351133c86ad97a (patch)
tree28f36fe47b4b7b4f6a58865f00b79d2b86d2b374
parent4a847a6ccdf2ed583b8635103b36b76e153ffb62 (diff)
downloadsrc-c39dda81923a26116241fbe996351133c86ad97a.tar.gz
src-c39dda81923a26116241fbe996351133c86ad97a.zip
rc.conf(5): Document the 'workstation' firewall_type
Document the workstation ACL ruleset, which uses stateful rules. While here, add a note about where some of the undocumented variables can be found. This is not a perfect solution for bug 127359, but it at at least gives a place to go look, and can be used as a reference for when bug 127359 gets fixed properly. PR: 254358, 127359
-rw-r--r--share/man/man5/rc.conf.58
1 files changed, 7 insertions, 1 deletions
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index fef0f167d1a5..ddf4ea120df5 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -539,7 +539,7 @@ Valid selections from
.Pa /etc/rc.firewall
are:
.Pp
-.Bl -tag -width ".Li simple" -compact
+.Bl -tag -width ".Li workstation" -compact
.It Li open
unrestricted IP access
.It Li closed
@@ -547,12 +547,18 @@ all IP services disabled, except via
.Dq Li lo0
.It Li client
basic protection for a workstation
+.It Li workstation
+basic protection for a workstation using stateful firewalling
.It Li simple
basic protection for a LAN.
.El
.Pp
If a filename is specified, the full path
must be given.
+.Pp
+Most of the predefined rulesets define additional configuration variables.
+These are documented in
+.Pa /etc/rc.firewall .
.It Va firewall_quiet
.Pq Vt bool
Set to