Diffstat (limited to 'en_US.ISO_8859-1/books/handbook/security/chapter.sgml')
-rw-r--r-- | en_US.ISO_8859-1/books/handbook/security/chapter.sgml | 33 |
1 files changed, 13 insertions, 20 deletions
diff --git a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml index 405eedf589..4d972ffb8f 100644 --- a/en_US.ISO_8859-1/books/handbook/security/chapter.sgml +++ b/en_US.ISO_8859-1/books/handbook/security/chapter.sgml @@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $Id: chapter.sgml,v 1.14 1999-05-16 13:26:28 nik Exp $ + $Id: chapter.sgml,v 1.15 1999-05-25 17:05:50 hoek Exp $ --> <chapter id="security"> 
@@ -1529,25 +1529,18 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen> is located on.</para> </note> - <para>As currently supplied, FreeBSD does not have the ability to load - firewall rules at boot time. My suggestion is to put a call to a - shell script in the <filename>/etc/netstart</filename> script. Put - the call early enough in the netstart file so that the firewall is - configured before any of the IP interfaces are configured. This means - that there is no window during which time your network is open.</para> - - <para>The actual script used to load the rules is entirely up to you. - There is currently no support in the <command>ipfw</command> utility - for loading multiple rules in the one command. The system I use is to - use the command:</para> - - <screen>&prompt.root; <userinput>ipfw list</userinput></screen> - - <para>to write a list of the current rules out to a file, and then use a - text editor to prepend <literal>ipfw </literal> before all the lines. - This will allow the script to be fed into /bin/sh and reload the rules - into the kernel. Perhaps not the most efficient way, but it - works.</para> + <para>You should enable your firewall from + <filename>/etc/rc.conf.local</filename> or + <filename>/etc/rc.conf</filename>. The associated manpage explains + which knobs to fiddle and lists some preset firewall configurations. + If you do not use a preset configuration, <command>ipfw list</command> + will output the current ruleset into a file that you can + pass to <filename>rc.conf</filename>. If you do not use + <filename>/etc/rc.conf.local</filename> or + <filename>/etc/rc.conf</filename> to enable your firewall, + it is important to make sure your firewall is enabled before + any IP interfaces are configured. + </para> <para>The next problem is what your firewall should actually <emphasis>do</emphasis>! This is largely dependent on what access to |
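
Review bot: In the added paragraph of the second hunk, the sentence "<command>ipfw list</command> will output the current ruleset into a file that you can pass to <filename>rc.conf</filename>" is misleading, because the command as shown names no file. The removed text also explained that each listed line needed <literal>ipfw </literal> prepended before the rules could be reloaded, and the replacement no longer says what format the file must be in. Please state how the output is captured, what the file has to look like, and which rc.conf knob takes it. "The associated manpage" should name the manpage it means. The closing sentence should also keep the rationale from the removed text, that configuring the firewall before any IP interfaces leaves no window during which the network is open, since that is the security reason for the ordering.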