The first thing you will need to do is recompile your kernel. If you need more information on how to recompile the kernel, then the best place to start is the kernel configuration section in the Handbook. You need to add the following options into your kernel configuration file:
Enables the kernel's firewall code.
Sends logged packets to the system logger.
Limits the number of times a matching entry is logged. This prevents your log file from filling up with lots of repetitive entries. 100 is a reasonable number to use, but you can adjust it based on your requirements.
Enables divert sockets, which will be shown later.
There are some other optional items that you can compile into the kernel for some added security. These are not required in order to get firewalling to work, but some more paranoid users may want to use them.
This option ignores TCP packets that have both SYN and FIN set. This prevents tools such as nmap from identifying the TCP/IP stack of the machine, but breaks support for RFC 1644 extensions. This is not recommended if the machine will be running a web server.
Do not reboot once you have recompiled the kernel. Hopefully, we will only need to reboot once to complete the installation of the firewall.
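One way to check the kernel configuration file before compiling it, as an added example that is not part of the original article. The option names are the standard FreeBSD ipfw kernel options, which the text above describes without naming; the function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example. Option names are the standard FreeBSD ipfw kernel options
# (assumption: the text above describes them but does not spell them out).
REQUIRED="IPFIREWALL IPFIREWALL_VERBOSE IPFIREWALL_VERBOSE_LIMIT IPDIVERT"
OPTIONAL="TCP_DROP_SYNFIN"

# opt_value FILE NAME: succeed if an uncommented "options NAME[=value]" line
# exists, printing the value (empty when the option takes none). The name is
# compared exactly, so IPFIREWALL_VERBOSE does not count as IPFIREWALL.
opt_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "options" {
            split($2, kv, "=")
            if (kv[1] == want) { print kv[2]; found = 1; exit }
        }
        END { exit !found }' "$1"
}

# audit_kernconf FILE: report problems; non-zero status if a required option
# is missing or the log limit is not a positive integer.
audit_kernconf() {
    rc=0
    for o in $REQUIRED; do
        if ! v=$(opt_value "$1" "$o"); then
            echo "MISSING $o"; rc=1
        elif [ "$o" = IPFIREWALL_VERBOSE_LIMIT ]; then
            case $v in ''|0|*[!0-9]*) echo "BADLIMIT $o=$v"; rc=1 ;; esac
        fi
    done
    for o in $OPTIONAL; do
        if opt_value "$1" "$o" >/dev/null; then
            echo "NOTE $o set: breaks RFC 1644 extensions"
        fi
    done
    return "$rc"
}

# Constructed sample configuration (not taken from the page): IPDIVERT is
# commented out, so the audit must flag it as missing.
sample_kernconf() {
    cat <<'EOF'
options         IPFIREWALL_VERBOSE
options         IPFIREWALL              # enable firewall code
options         IPFIREWALL_VERBOSE_LIMIT=100
#options        IPDIVERT
options         TCP_DROP_SYNFIN
EOF
}
f=$(mktemp) && sample_kernconf >"$f" && { audit_kernconf "$f" || true; }; rm -f "$f"
```

To audit a real configuration, call `audit_kernconf` with the path to your kernel configuration file in place of the sample.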
This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.
For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.