NOTES (53580) | NOTES (53642) |
---|---|
1# 2# LINT -- config file for checking all the sources, tries to pull in 3# as much of the source tree as it can. 4# | 1# 2# LINT -- config file for checking all the sources, tries to pull in 3# as much of the source tree as it can. 4# |
5# $FreeBSD: head/sys/conf/NOTES 53580 1999-11-22 11:13:00Z shin $ | 5# $FreeBSD: head/sys/conf/NOTES 53642 1999-11-23 21:44:59Z guido $ |
6# 7# NB: You probably don't want to try running a kernel built from this 8# file. Instead, you should start from GENERIC, and add options from 9# this file as required. 10# 11 12# 13# This directive is mandatory; it defines the architecture to be --- 470 unchanged lines hidden (view full) --- 484# firewall machine, they can get to your protected machines. However, 485# if you are using it as an as-needed filter for specific problems as 486# they arise, then this may be for you. Changing the default to 'allow' 487# means that you won't get stuck if the kernel and /sbin/ipfw binary get 488# out of sync. 489# 490# IPDIVERT enables the divert IP sockets, used by ``ipfw divert'' 491# | 6# 7# NB: You probably don't want to try running a kernel built from this 8# file. Instead, you should start from GENERIC, and add options from 9# this file as required. 10# 11 12# 13# This directive is mandatory; it defines the architecture to be --- 470 unchanged lines hidden (view full) --- 484# firewall machine, they can get to your protected machines. However, 485# if you are using it as an as-needed filter for specific problems as 486# they arise, then this may be for you. Changing the default to 'allow' 487# means that you won't get stuck if the kernel and /sbin/ipfw binary get 488# out of sync. 489# 490# IPDIVERT enables the divert IP sockets, used by ``ipfw divert'' 491# |
492# IPFILTER_LKM enables LKM support for an ipfilter module (untested). 493# | |
494# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding 495# packets without touching the ttl). This can be useful to hide firewalls 496# from traceroute and similar tools. 497# 498# TCPDEBUG is undocumented. 499# 500options TCP_COMPAT_42 #emulate 4.2BSD TCP bugs 501options MROUTING # Multicast routing 502options IPFIREWALL #firewall 503options IPFIREWALL_VERBOSE #print information about 504 # dropped packets 505options IPFIREWALL_FORWARD #enable transparent proxy support 506options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity 507options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default 508options IPDIVERT #divert sockets | 492# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding 493# packets without touching the ttl). This can be useful to hide firewalls 494# from traceroute and similar tools. 495# 496# TCPDEBUG is undocumented. 497# 498options TCP_COMPAT_42 #emulate 4.2BSD TCP bugs 499options MROUTING # Multicast routing 500options IPFIREWALL #firewall 501options IPFIREWALL_VERBOSE #print information about 502 # dropped packets 503options IPFIREWALL_FORWARD #enable transparent proxy support 504options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity 505options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default 506options IPDIVERT #divert sockets |
509#options IPFILTER_LKM #kernel support for ip_fil.o LKM | 507options IPFILTER #ipfilter support 508options IPFILTER_LOG #ipfilter logging |
510options IPSTEALTH #support for stealth forwarding 511options TCPDEBUG 512 513# The following options add sysctl variables for controlling how certain 514# TCP packets are handled. 515# 516# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This 517# prevents nmap et al. from identifying the TCP/IP stack, but breaks support --- 1819 unchanged lines hidden --- | 509options IPSTEALTH #support for stealth forwarding 510options TCPDEBUG 511 512# The following options add sysctl variables for controlling how certain 513# TCP packets are handled. 514# 515# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This 516# prevents nmap et al. from identifying the TCP/IP stack, but breaks support --- 1819 unchanged lines hidden --- |