author: Tim Vanderhoek <hoek@FreeBSD.org> 1999-05-25 17:05:50 +0000
committer: Tim Vanderhoek <hoek@FreeBSD.org> 1999-05-25 17:05:50 +0000
commit: f81e290e562ac20ceb2e059ea7ec00630032d187 (patch)
tree: d002a617ef8988ad626da192958e05755d59bd33 /en_US.ISO_8859-1
parent: d6f67f345599bc3b1bb481fb445cb6e5c4383ca6 (diff)
Yes Virginia, you can enable firewalls from /etc/rc.conf.
PR: docs/10388 (Dima Sivachenko dima@Chg.RU)
Notes: svn path=/head/; revision=4946
Diffstat (limited to 'en_US.ISO_8859-1')
-rw-r--r-- en_US.ISO_8859-1/books/handbook/security/chapter.sgml 33
1 files changed, 13 insertions, 20 deletions
diff --git a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml
index 405eedf589..4d972ffb8f 100644
--- a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $Id: chapter.sgml,v 1.14 1999-05-16 13:26:28 nik Exp $
+ $Id: chapter.sgml,v 1.15 1999-05-25 17:05:50 hoek Exp $
-->
<chapter id="security">
@@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
is located on.</para>
</note>
- <para>As currently supplied, FreeBSD does not have the ability to load
- firewall rules at boot time. My suggestion is to put a call to a
- shell script in the <filename>/etc/netstart</filename> script. Put
- the call early enough in the netstart file so that the firewall is
- configured before any of the IP interfaces are configured. This means
- that there is no window during which time your network is open.</para>
-
- <para>The actual script used to load the rules is entirely up to you.
- There is currently no support in the <command>ipfw</command> utility
- for loading multiple rules in the one command. The system I use is to
- use the command:</para>
-
- <screen>&prompt.root; <userinput>ipfw list</userinput></screen>
-
- <para>to write a list of the current rules out to a file, and then use a
- text editor to prepend <literal>ipfw </literal> before all the lines.
- This will allow the script to be fed into /bin/sh and reload the rules
- into the kernel. Perhaps not the most efficient way, but it
- works.</para>
+ <para>You should enable your firewall from
+ <filename>/etc/rc.conf.local</filename> or
+ <filename>/etc/rc.conf</filename>. The associated manpage explains
+ which knobs to fiddle and lists some preset firewall configurations.
+ If you do not use a preset configuration, <command>ipfw list</command>
+ will output the current ruleset into a file that you can
+ pass to <filename>rc.conf</filename>. If you do not use
+ <filename>/etc/rc.conf.local</filename> or
+ <filename>/etc/rc.conf</filename> to enable your firewall,
+ it is important to make sure your firewall is enabled before
+ any IP interfaces are configured.
+ </para>
<para>The next problem is what your firewall should actually
<emphasis>do</emphasis>! This is largely dependent on what access to
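Review bot: In the added paragraph, the sentence "<command>ipfw list</command> will output the current ruleset into a file that you can pass to <filename>rc.conf</filename>" reads as if ipfw list writes the file itself and as if that output can be reused unmodified, while the removed text spelled out that the list had to be written out to a file and each line prefixed with <literal>ipfw </literal> before it could be fed to /bin/sh. Suggest stating how the output gets into a file, what form the file must have, and which rc.conf variable takes it. "The associated manpage" should name the manpage it means. The closing sentence about enabling the firewall before any IP interfaces are configured would also be easier to act on if it kept the removed rationale, that this leaves no window during which the network is open.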