rc.conf.5 (66667) | rc.conf.5 (66745) |
---|---|
1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" | 1.\" Copyright (c) 1995 2.\" Jordan K. Hubbard 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" |
25.\" $FreeBSD: head/share/man/man5/rc.conf.5 66667 2000-10-05 07:22:58Z sheldonh $ | 25.\" $FreeBSD: head/share/man/man5/rc.conf.5 66745 2000-10-06 12:24:45Z darrenr $ |
26.\" 27.Dd Jul 3, 2000 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information. 33.Sh DESCRIPTION --- 122 unchanged lines hidden (view full) --- 156.Ar NO 157if you do not want have firewall rules loaded at startup, or 158.Ar YES 159if you do. 160If set to 161.Ar YES , 162and the kernel was not built with IPFIREWALL, the ipfw 163kernel module will be loaded. | 26.\" 27.Dd Jul 3, 2000 28.Dt RC.CONF 5 29.Os 30.Sh NAME 31.Nm rc.conf 32.Nd system configuration information. 33.Sh DESCRIPTION --- 122 unchanged lines hidden (view full) --- 156.Ar NO 157if you do not want have firewall rules loaded at startup, or 158.Ar YES 159if you do. 160If set to 161.Ar YES , 162and the kernel was not built with IPFIREWALL, the ipfw 163kernel module will be loaded. |
164See also 165.Ar ipfilter_enable . |
|
164.It Ar firewall_script 165(str) If you want to run a firewall script other than 166.Pa /etc/rc.firewall , 167set this variable to the full path to that script. 168.It Ar firewall_type 169(str) Names the firewall type from the selection in 170.Pa /etc/rc.firewall , 171or the file which contains the local firewall ruleset. Valid selections --- 41 unchanged lines hidden (view full) --- 213.It Ar natd_flags 214Additional natd flags should be placed here. The 215.Fl n 216or 217.Fl a 218flag is automatically added with the above 219.Ar natd_interface 220as an argument. | 166.It Ar firewall_script 167(str) If you want to run a firewall script other than 168.Pa /etc/rc.firewall , 169set this variable to the full path to that script. 170.It Ar firewall_type 171(str) Names the firewall type from the selection in 172.Pa /etc/rc.firewall , 173or the file which contains the local firewall ruleset. Valid selections --- 41 unchanged lines hidden (view full) --- 215.It Ar natd_flags 216Additional natd flags should be placed here. The 217.Fl n 218or 219.Fl a 220flag is automatically added with the above 221.Ar natd_interface 222as an argument. |
223.\" ----- ipfilter_enable seting -------------------------------- 224.It Ar ipfilter_enable 225(bool) Set to 226.Ar NO 227by default. 228Setting this to 229.Ar YES 230enables 231.Xr ipf 8 232packet filtering. 233Strictly speaking almost any filter could be established 234"abusing" this setting and the fact that 235.Ar ipfilter_program , 236.Ar ipfilter_rules 237and 238.Ar ipfilter_flags 239are concatenated to form a command, 240as long as the file specified in 241.Ar ipfilter_rules 242is readable. 243When 244.Ar ipfilter_enable 245and 246.Ar ipnat_enable 247are set to 248.Ar YES 249and the file specified in 250.Ar ipnat_rules 251is readable, 252.Ar ipnat_program , 253.Ar ipnat_rules 254and 255.Ar ipnat_flags 256make up a command line to start a network address translation program. 257When 258.Ar ipfilter_enable 259and 260.Ar ipmon_enable 261are set to 262.Ar YES , 263.Ar ipmon_program 264and 265.Ar ipmon_flags 266form another command line for monitoring the above actions. 267See 268.Pa /etc/rc.network 269for details. 270.Pp 271Typical usage will require putting 272.Bd -literal 273ipfilter_enable="YES" 274ipfilter_flags="" 275ipnat_enable="YES" 276ipmon_enable="YES" 277 278.Ed 279into 280.Pa /etc/rc.conf 281and editing 282.Pa /etc/ipf.rules 283and 284.Pa /etc/ipnat.rules 285appropriately. 286Turning off 287.Ar firewall_enable 288when using ipf is recommended. 289Having 290.Bd -literal 291options IPFILTER 292options IPFILTER_LOG 293options IPFILTER_DEFAULT_BLOCK 294 295.Ed 296in the kernel configuration file is a good idea, too. 297.\" ----- ipfilter_program setting ------------------------------ 298.It Ar ipfilter_program 299(str) Set to 300.Ar /sbin/ipf -Fa -f 301by default. 302This variable contains a command line 303up to (but not including) the filter rule definition 304(expected to live in a separate file). 305See 306.Ar ipfilter_enable 307for a detailled discussion. 
308.\" ----- ipfilter_rules setting -------------------------------- 309.It Ar ipfilter_rules 310(str) Set to 311.Ar /etc/ipf.rules 312by default. 313This variable contains the name of the filter rule definition file. 314The file is expected to be readable for the filter command to execute. 315See 316.Ar ipfilter_enable 317for a detailled discussion. 318.\" ----- ipfilter_flags setting -------------------------------- 319.It Ar ipfilter_flags 320(str) Set to 321.Ar -E 322by default. 323This variable contains flags appended to the filter command 324after the rule definition filename. 325The default setting will initialize an on demand loaded ipf module. 326When compiling ipfilter directly into your kernel (as is recommended) 327the variable should be empty to not initialize 328the code more than once. 329See 330.Ar ipfilter_enable 331for a detailled discussion. 332.\" ----- ipnat_enable setting ---------------------------------- 333.It Ar ipnat_enable 334(bool) Set to 335.Ar NO 336by default. 337Set it to 338.Ar YES 339to enable 340.Xr ipnat 8 341network address translation. 342Setting this variable needs setting 343.Ar ipfilter_enable , 344too. 345See 346.Ar ipfilter_enable 347for a detailled discussion. 348.\" ----- ipnat_program setting --------------------------------- 349.It Ar ipnat_program 350(str) Set to 351.Ar /sbin/ipnat -CF -f 352by default. 353This variable contains a command line 354up to (but not including) the translation rule definition 355(expected to live in a separate file). 356See 357.Ar ipfilter_enable 358for a detailled discussion. 359.\" ----- ipnat_rules setting ----------------------------------- 360.It Ar ipnat_rules 361(str) Set to 362.Ar /etc/ipnat.rules 363by default. 364This variable contains the name of the file 365holding the network address translation definition. 366This file is expected to be readable for the NAT command to execute. 367See 368.Ar ipfilter_enable 369for a detailled discussion. 
370.\" ----- ipnat_flags setting ----------------------------------- 371.It Ar ipnat_flags 372(str) Empty by default. 373This variable contains additional flags 374appended to the ipnat command line 375after the rule definition filename. 376See 377.Ar ipfilter_enable 378for a detailled discussion. 379.\" ----- ipmon_enable setting ---------------------------------- 380.It Ar ipmon_enable 381(bool) Set to 382.Ar NO 383by default. 384Set it to 385.Ar YES 386to enable 387.Xr ipmon 8 388monitoring (logging 389.Xr ipf 8 390and 391.Xr ipnat 8 392events). 393Setting this variable needs setting 394.Ar ipfilter_enable , 395too. 396See 397.Ar ipfilter_enable 398for a detailled discussion. 399.\" ----- ipmon_program setting --------------------------------- 400.It Ar ipmon_program 401(str) Set to 402.Ar /sbin/ipmon 403by default. 404This variable contains the 405.Xr ipmon 8 406executable filename. 407See 408.Ar ipfilter_enable 409for a detailled discussion. 410.\" ----- ipmon_flags setting ----------------------------------- 411.It Ar ipmon_flags 412(str) Set to 413.Ar -Ds 414by default. 415This variable contains flags passed to the 416.Xr ipmon 8 417program. 418Another typical example would be 419.Ar -D /var/log/ipflog 420to have 421.Xr ipmon 8 422log directly to a file bypassing 423.Xr syslogd 8 . 424Make sure to adjust 425.Pa /etc/newsyslog.conf 426in such case like this: 427.Bd -literal 428/var/log/ipflog 640 10 100 * Z /var/run/ipmon.pid 429 430.Ed 431See 432.Ar ipfilter_enable 433for a detailled discussion. 434.\" ----- end of added ipf hook --------------------------------- |
|
221.It Ar tcp_extensions 222(bool) Set to 223.Ar NO 224by default. 225Setting this to YES enables certain TCP options as described by 226.Rs 227.%T RFC 1323 228.Re --- 1064 unchanged lines hidden --- | 435.It Ar tcp_extensions 436(bool) Set to 437.Ar NO 438by default. 439Setting this to YES enables certain TCP options as described by 440.Rs 441.%T RFC 1323 442.Re --- 1064 unchanged lines hidden --- |
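Review bot: The cross-reference added under firewall_enable at new lines 164-165 ("See also .Ar ipfilter_enable .") gives the reader no reason to follow it. The ipfilter_enable text added later in this same change says that turning off firewall_enable when using ipf is recommended. Saying so here, in the entry an administrator reads when switching ipfw on, would make the interaction between the two knobs visible from both sides instead of only from the ipf side.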
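Review bot: The new ipfilter_enable entry (new lines 233-242) documents the command construction only as something that can be "abused", and never says what happens when the file named by ipfilter_rules is not readable. I would state the construction plainly (ipfilter_program, then ipfilter_rules, then ipfilter_flags, in that order) and spell out the unreadable-file case: if, as the wording implies, the command is simply skipped, the reader needs to know that no ruleset is loaded and that what the machine then passes or drops depends on the kernel default. That is also the right place to explain why "options IPFILTER_DEFAULT_BLOCK" is called "a good idea" at new lines 289-296, which currently has no rationale attached. The same applies to ipnat_rules at new lines 364-366. Smaller points in the same hunk: the "Typical usage" example sets ipfilter_flags="" while the documented default is -E, so it should point to the ipfilter_flags entry where the reason is given; "seting" at new line 223 and "detailled" in every "See ipfilter_enable for a detailled discussion" sentence are misspelled; and the empty lines before .Ed at new lines 277, 294 and 429 will show up as blank lines inside the literal displays.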