author | rafan <rafan@FreeBSD.org> | 2008-01-21 04:41:18 +0000 |
---|---|---|
committer | rafan <rafan@FreeBSD.org> | 2008-01-21 04:41:18 +0000 |
commit | d70dd9e5a0b201fae18c1a78daf6d2024d1f4b06 (patch) | |
tree | 2829456ad10f556bb437546d49a99abad21d63a0 /etc/defaults | |
parent | d48c6f0552fc34daa7e641bf8a85b7360e3a5c6e (diff) | |
Improve kernel NAT support in rc.firewall
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via
firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf
Tested by: Albert B. Wang <abwang at gmail.com>
MFC after: 1 month
Diffstat (limited to 'etc/defaults')
-rw-r--r-- | etc/defaults/rc.conf | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 356cec2..78f0659 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -119,6 +119,9 @@ firewall_logdeny="NO" # Set to YES to log default denied incoming firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports # for which denied incoming packets are not # logged. +firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES) +firewall_nat_interface="" # Public interface or IPaddress to use +firewall_nat_flags="" # Additional configuration parameters ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd) |
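Review bot: the comment on the added firewall_nat_flags line, "Additional configuration parameters", does not say what consumes them. The commit message states they are passed to ipfw, so the comment should name that (for example "Additional configuration parameters passed to ipfw"), otherwise an administrator reading defaults/rc.conf cannot tell which syntax is accepted or that the string reaches the firewall configuration. On the firewall_nat_interface line, "IPaddress" should read "IP address".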