Attachment #62779 for bug #93764

View | Details | Raw Unified | Return to bug 93764
Collapse All | Expand All





      <para>Set the script to run to activate your rules:</para>

      <programlisting>firewall_script="/etc/rc.firewall"</programlisting>

      <para>Set the type of firewall.  This enables a simple pre-set
	ruleset for <application>IPFW</application>:</para>
      
      <programlisting>firewall_type="open"</programlisting>

      <para>Available values for this setting are:</para>

      <itemizedlist>
	<listitem>
	  <para><literal>open</literal> &mdash; allow anyone in.</para>
	</listitem>
	<listitem>
	  <para><literal>client</literal> &mdash; will protect only this
	    machine.</para>
	</listitem>
	<listitem>
	  <para><literal>simple</literal> &mdash; protect the whole
	    network.</para>
	</listitem>
	<listitem>
	  <para><literal>closed</literal> &mdash; entirely disables IP
	    services except via lo0 interface.</para>
	</listitem>
	<listitem>
	  <para><literal>UNKNOWN</literal> &mdash; disables the loading
	    of firewall rules.</para>
	</listitem>
	<listitem>
	  <para><replaceable>filename</replaceable> &mdash; will load the rules
	    in the given filename (full path required).</para>
	</listitem>
      </itemizedlist>

      <note>
	<para>If <literal>firewall_type</literal> is set either to
	  <literal>client</literal> or <literal>simple</literal>, the
	  default rules found in <filename>/etc/rc.firewall</filename>
	  should be reviewed to fit to the setup of the given machine.
	  Also note, that the examples used in this chapter expect that
	  the <literal>firewall_type</literal> is set to
	  <filename>/etc/ipfw.rules</filename>.</para>
      </note>

      <para>Enable logging:</para>

Return to bug 93764

Lines 2283-2289 Link Here

(-)/usr/home/danger/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml (-1 / +44 lines)
2283		2283
2284	<para>Set the script to run to activate your rules:</para>	2284	<para>Set the script to run to activate your rules:</para>
2285		2285
2286	<programlisting>firewall_script="/etc/ipfw.rules"</programlisting>	2286	<programlisting>firewall_script="/etc/rc.firewall"</programlisting>
		2287
		2288	<para>Set the type of firewall. This enables a simple pre-set
		2289	ruleset for <application>IPFW</application>:</para>
		2290
		2291	<programlisting>firewall_type="open"</programlisting>
		2292
		2293	<para>Available values for this setting are:</para>
		2294
		2295	<itemizedlist>
		2296	<listitem>
		2297	<para><literal>open</literal> — allow anyone in.</para>
		2298	</listitem>
		2299	<listitem>
		2300	<para><literal>client</literal> — will protect only this
		2301	machine.</para>
		2302	</listitem>
		2303	<listitem>
		2304	<para><literal>simple</literal> — protect the whole
		2305	network.</para>
		2306	</listitem>
		2307	<listitem>
		2308	<para><literal>closed</literal> — entirely disables IP
		2309	services except via lo0 interface.</para>
		2310	</listitem>
		2311	<listitem>
		2312	<para><literal>UNKNOWN</literal> — disables the loading
		2313	of firewall rules.</para>
		2314	</listitem>
		2315	<listitem>
		2316	<para><replaceable>filename</replaceable> — will load the rules
		2317	in the given filename (full path required).</para>
		2318	</listitem>
		2319	</itemizedlist>
		2320
		2321	<note>
		2322	<para>If <literal>firewall_type</literal> is set either to
		2323	<literal>client</literal> or <literal>simple</literal>, the
		2324	default rules found in <filename>/etc/rc.firewall</filename>
		2325	should be reviewed to fit to the setup of the given machine.
		2326	Also note, that the examples used in this chapter expect that
		2327	the <literal>firewall_type</literal> is set to
		2328	<filename>/etc/ipfw.rules</filename>.</para>
		2329	</note>
2287		2330
2288	<para>Enable logging:</para>	2331	<para>Enable logging:</para>