
2 Kernel Options

The first thing you will need to do is recompile your kernel. If you need more information on how to recompile the kernel, then the best place to start is the kernel configuration section in the Handbook. You need to add the following options into your kernel configuration file:

options IPFIREWALL

Enables the kernel's firewall code.

options IPFIREWALL_VERBOSE

Sends logged packets to the system logger.

options IPFIREWALL_VERBOSE_LIMIT=100

Limits the number of times a matching entry is logged. This prevents your log file from filling up with lots of repetitive entries. 100 is a reasonable number to use, but you can adjust it based on your requirements.

options IPDIVERT

Enables divert sockets, which will be shown later.

There are some other optional items that you can compile into the kernel for some added security. These are not required in order to get firewalling to work, but some more paranoid users may want to use them.

options TCP_DROP_SYNFIN

This option ignores TCP packets that have both the SYN and FIN flags set. This prevents tools such as nmap from identifying the TCP/IP stack of the machine, but breaks support for RFC 1644 extensions. It is not recommended if the machine will be running a web server.

Do not reboot once you have recompiled the kernel. Hopefully, we will only need to reboot once to complete the installation of the firewall.
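
Before building, it is worth confirming that the configuration file really contains every option listed above. The script below is an added example, not part of the original article: it audits a kernel configuration file for the four required options and notes when TCP_DROP_SYNFIN is set. The function names, the sample configuration and its ident are constructed for illustration, and one option per "options" line is assumed.

```sh
#!/bin/sh
# Added example: audit a kernel configuration file for the options in this section.
# Assumes one option per "options" line, as the page writes them.
REQUIRED="IPFIREWALL IPFIREWALL_VERBOSE IPFIREWALL_VERBOSE_LIMIT IPDIVERT"

# option_line FILE NAME: print "NAME" or "NAME=value" if FILE has an active line.
# Comments are stripped and NAME is compared as a whole word, so
# IPFIREWALL_VERBOSE does not count as IPFIREWALL.
option_line() {
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "options" { split($2, kv, "="); if (kv[1] == want) print $2 }'
}

has_option() { [ -n "$(option_line "$1" "$2")" ]; }

# check_config FILE: list missing required options; return 1 if any are missing.
check_config() {
    missing=""
    for opt in $REQUIRED; do
        has_option "$1" "$opt" || missing="$missing $opt"
    done
    if has_option "$1" TCP_DROP_SYNFIN; then
        echo "note: TCP_DROP_SYNFIN is set (breaks RFC1644; not for web servers)" >&2
    fi
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok: $(option_line "$1" IPFIREWALL_VERBOSE_LIMIT)"
}

# Constructed sample config (not from the page): IPFIREWALL is absent and
# IPDIVERT is commented out.
sample_config() {
    cat <<'EOF'
ident    DIALUP
options  IPFIREWALL_VERBOSE
options  IPFIREWALL_VERBOSE_LIMIT=100   # log cap
#options IPDIVERT
options  TCP_DROP_SYNFIN
EOF
}

# With no argument, audit the constructed sample; otherwise audit the given file.
# The exit status is ignored here so the demo run always completes.
conf=${1:-}
if [ -z "$conf" ]; then
    conf=$(mktemp)
    sample_config > "$conf"
fi
check_config "$conf" || true
```

On the constructed sample the audit reports IPFIREWALL and IPDIVERT as missing, which shows the two cases a plain grep would miss: a name that is only a prefix of another option, and a commented-out line.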

This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.



