| NOTES (160813) | NOTES (161380) |
|---|---|
| 1# $FreeBSD: head/sys/conf/NOTES 160813 2006-07-29 18:38:54Z marcel $ | 1# $FreeBSD: head/sys/conf/NOTES 161380 2006-08-17 00:37:03Z julian $ |
| 2# 3# NOTES -- Lines that can be cut/pasted into kernel and hints configs. 4# 5# Lines that begin with 'device', 'options', 'machine', 'ident', 'maxusers', 6# 'makeoptions', 'hints', etc. go into the kernel configuration that you 7# run config(8) with. 8# 9# Lines that begin with 'hint.' are NOT for config(8), they go into your --- 705 unchanged lines hidden (view full) --- 715# means that you won't get stuck if the kernel and /sbin/ipfw binary get 716# out of sync. 717# 718# IPDIVERT enables the divert IP sockets, used by ``ipfw divert''. It 719# depends on IPFIREWALL if compiled into the kernel. 720# 721# IPFIREWALL_FORWARD enables changing of the packet destination either 722# to do some sort of policy routing or transparent proxying. Used by | 2# 3# NOTES -- Lines that can be cut/pasted into kernel and hints configs. 4# 5# Lines that begin with 'device', 'options', 'machine', 'ident', 'maxusers', 6# 'makeoptions', 'hints', etc. go into the kernel configuration that you 7# run config(8) with. 8# 9# Lines that begin with 'hint.' are NOT for config(8), they go into your --- 705 unchanged lines hidden (view full) --- 715# means that you won't get stuck if the kernel and /sbin/ipfw binary get 716# out of sync. 717# 718# IPDIVERT enables the divert IP sockets, used by ``ipfw divert''. It 719# depends on IPFIREWALL if compiled into the kernel. 720# 721# IPFIREWALL_FORWARD enables changing of the packet destination either 722# to do some sort of policy routing or transparent proxying. Used by |
| 723# ``ipfw forward''. | 723# ``ipfw forward''. All redirections apply to locally generated 724# packets too. Because of this great care is required when 725# crafting the ruleset. |
| 724# | 726# |
| 725# IPFIREWALL_FORWARD_EXTENDED enables full packet destination changing 726# including redirecting packets to local IP addresses and ports. All 727# redirections apply to locally generated packets too. Because of this 728# great care is required when crafting the ruleset. 729# | |
| 730# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding 731# packets without touching the ttl). This can be useful to hide firewalls 732# from traceroute and similar tools. 733# 734# TCPDEBUG enables code which keeps traces of the TCP state machine 735# for sockets with the SO_DEBUG option set, which can then be examined 736# using the trpt(8) utility. 737# 738options MROUTING # Multicast routing 739options PIM # Protocol Independent Multicast 740options IPFIREWALL #firewall 741options IPFIREWALL_VERBOSE #enable logging to syslogd(8) 742options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity 743options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default 744options IPFIREWALL_FORWARD #packet destination changes | 727# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding 728# packets without touching the ttl). This can be useful to hide firewalls 729# from traceroute and similar tools. 730# 731# TCPDEBUG enables code which keeps traces of the TCP state machine 732# for sockets with the SO_DEBUG option set, which can then be examined 733# using the trpt(8) utility. 734# 735options MROUTING # Multicast routing 736options PIM # Protocol Independent Multicast 737options IPFIREWALL #firewall 738options IPFIREWALL_VERBOSE #enable logging to syslogd(8) 739options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity 740options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default 741options IPFIREWALL_FORWARD #packet destination changes |
| 745options IPFIREWALL_FORWARD_EXTENDED #all packet dest changes | |
| 746options IPDIVERT #divert sockets 747options IPFILTER #ipfilter support 748options IPFILTER_LOG #ipfilter logging 749options IPFILTER_LOOKUP #ipfilter pools 750options IPFILTER_DEFAULT_BLOCK #block all packets by default 751options IPSTEALTH #support for stealth forwarding 752options TCPDEBUG 753 --- 1855 unchanged lines hidden --- | 742options IPDIVERT #divert sockets 743options IPFILTER #ipfilter support 744options IPFILTER_LOG #ipfilter logging 745options IPFILTER_LOOKUP #ipfilter pools 746options IPFILTER_DEFAULT_BLOCK #block all packets by default 747options IPSTEALTH #support for stealth forwarding 748options TCPDEBUG 749 --- 1855 unchanged lines hidden --- |