|
|
Pardus: Kernel: Multiple Denial of Service
|
|
IPFW(4) BSD Kernel Interfaces Manual IPFW(4) NAME
ipfw -- IP packet filter and traffic accounting SYNOPSIS
To compile ipfw into the kernel, place the following option in the kernel configuration file: options IPFIREWALL Other kernel options related to ipfw which may also be useful are: options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 To load ipfw as a module at boot time, add the following line into the loader.conf(5) file: ipfw_load="YES" DESCRIPTION
The ipfw system facility allows filtering, redirecting, and other operations on IP packets travelling through network interfaces. The default behavior of ipfw is to block all incoming and outgoing traffic. This behavior can be modified, to allow all traffic through the ipfw firewall by default, by enabling the IPFIREWALL_DEFAULT_TO_ACCEPT kernel option. This option may be useful when configuring ipfw for the first time. If the default ipfw behavior is to allow everything, it is easier to cope with firewall-tuning mistakes which may acciden- tally block all traffic. To enable logging of packets passing through ipfw, enable the IPFIREWALL_VERBOSE kernel option. The IPFIREWALL_VERBOSE_LIMIT option will prevent syslogd(8) from flooding system logs or causing local Denial of Service. This option may be set to the number of packets which will be logged on a per-entry basis before the entry is rate-limited. Policy routing and transparent forwarding features of ipfw can be enabled by IPFIREWALL_FORWARD kernel option. The user interface for ipfw is implemented by the ipfw(8) utility, so please refer to the ipfw(8) manpage for a complete description of the ipfw capabilities and how to use it. SEE ALSO
setsockopt(2), divert(4), ip(4), ipfw(8), sysctl(8), syslogd(8), pfil(9) BSD September 1, 2006 BSD
