author | phk <phk@FreeBSD.org> | 2006-10-28 20:08:12 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 2006-10-28 20:08:12 +0000 |
commit | 417527cc24aab508dd12868c6cfc59d73475e86c (patch) | |
tree | af35d416fa1b834fff4de2f8c4805e176b82c9d8 /etc/defaults | |
parent | b944aa0079dcd240d119399fa424b4eef66a3019 (diff) | |
Give rc.firewall a polish and a new method.
Factor out the loopback setup
Use "me" instead of hardcoded $ip where possible.
Add "workstation" which protects just this machine with stateful
firewalling. Put the variables for this in rc.conf.
Submitted by: Flemming Jacobsen <fj@batmule.dk>
Reviewed by: cperciva
Diffstat (limited to 'etc/defaults')
-rw-r--r-- | etc/defaults/rc.conf | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index f75171a..10f37df 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -104,6 +104,16 @@ firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file +firewall_myservices="" # List of TCP ports on which this host + # offers services +firewall_allowservices="" # List of IPs which has access to + # $firewall_myservices +firewall_trusted="" # List of IPs which has full access to this host +firewall_logdeny="NO" # Set to YES to log default denied incoming + # packets. +firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports + # for which denied incoming packets are not + # logged. ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd) |
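Review bot: The comments on the added firewall_myservices, firewall_allowservices, firewall_trusted, firewall_logdeny and firewall_nologports lines do not say which firewall_type uses them or what list syntax each accepts. The commit message ties them to the new "workstation" type, but a reader of rc.conf only sees the pointer to /etc/rc.firewall on the firewall_type line. The firewall_nologports default, "135-139,445 1026,1027 1433,1434", mixes commas and spaces, so it is unclear from this file whether spaces separate groups and commas separate ports within a group, or whether the other list variables follow the same format. Suggest a short comment above the block naming the type these settings belong to and the separator rules, and stating what an empty firewall_allowservices means when firewall_myservices is set. Minor points: "List of IPs which has" should read "which have" in both comments, and firewall_myservices is documented as TCP only while firewall_nologports is documented as TCP/UDP, which deserves a word in the comment if the difference is intentional.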