On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
I looked at that. That's not what I mean. :) I mean, if I do not have to
build a new kernel to enable firewalling, logging and divert,
I've always done this with a kernel build. There may be a way to do the
latter two through loadable modules, but
I put 'firewall_enable=YES' in /etc/rc.conf, in anticipation of
rebuilding my kernel with the following options turned on:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
I rebooted, for unrelated reasons, and now see in the messages
]
Onderwerp: Firewall enabling confusion.
I put 'firewall_enable=YES' in /etc/rc.conf, in anticipation of
rebuilding my kernel with the following options turned on:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
I rebooted, for unrelated
Remko Lodder wrote:
kldstat is the program you are looking for (like lsmod)
It can indeed be that the module is loaded with it's default
settings {block all}
Hope this solves your lsmod question, the rest i cannot help you
with since i don't understand ipfw :) {yet}
Thanks! Yes, the ipfw.ko
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to
know how to enable things like divert and logging.
/etc/rc.firewall has examples.
-Warren Block * Rapid City, South Dakota USA
___
Warren Block wrote:
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
Thanks! Yes, the ipfw.ko module is getting loaded. So now I just need to
know how to enable things like divert and logging.
/etc/rc.firewall has examples.
I looked at that. That's not what I mean. :) I mean, if I do not have to
On Fri, 27 Feb 2004 15:43:16 -0500
Shaun T. Erickson [EMAIL PROTECTED] wrote:
Warren Block wrote:
On Fri, 27 Feb 2004, Shaun T. Erickson wrote:
Thanks! Yes, the ipfw.ko module is getting loaded. So now I just
need toknow how to enable things like divert and logging.
Ion-Mihai Tetcu wrote:
hint:
sysctl -a | grep ip.fw
for logging do:
sysctl -w net.inet.ip.fw.verbose: 1
sysctl -w net.inet.ip.fw.verbose_limit: 5
Ah.
see also man ipfw, it will answer your questions.
I'm still wading through it - it's quite a long read. I'll finish before
asking anything else.
On Fri, 27 Feb 2004 16:14:26 -0500
Shaun T. Erickson [EMAIL PROTECTED] wrote:
Ion-Mihai Tetcu wrote:
hint:
sysctl -a | grep ip.fw
for logging do:
sysctl -w net.inet.ip.fw.verbose: 1
sysctl -w net.inet.ip.fw.verbose_limit: 5
Ah.
see also man ipfw, it will answer your