「ipfw カーネルモジュール」の版間の差分
提供: セキュリティ
(ページの作成:「<!-- vim: filetype=mediawiki --> ipfw の カーネルモジュール の設定です。 __TOC__ == 概要 == == カーネルオプション == 下記の設...」) |
|||
| 行16: | 行16: | ||
options IPFIREWALL_VERBOSE | options IPFIREWALL_VERBOSE | ||
| − | #This option enables logging of packets that pass through IPFW and have the log keyword specified in the ruleset. | + | #This option enables logging of packets that pass through IPFW |
| + | # and have the log keyword specified in the ruleset. | ||
options IPFIREWALL_VERBOSE_LIMIT=5 | options IPFIREWALL_VERBOSE_LIMIT=5 | ||
| − | #This option limits the number of packets logged through syslogd(8), on a per-entry basis. This option may be used in hostile environments, when firewall activity logging is desired. This will close a possible denial of service attack via syslog flooding. | + | #This option limits the number of packets logged through syslogd(8), on a |
| + | # per-entry basis. This option may be used in hostile environments, | ||
| + | # when firewall activity logging is desired. | ||
| + | # This will close a possible denial of service attack via syslog flooding. | ||
options IPFIREWALL_DEFAULT_TO_ACCEPT | options IPFIREWALL_DEFAULT_TO_ACCEPT | ||
| − | # This option allows everything to pass through the firewall by default, which is a good idea when the firewall is being set up for the first time. | + | # This option allows everything to pass through the firewall by default, |
| + | # which is a good idea when the firewall is being set up for the first time. | ||
options IPDIVERT | options IPDIVERT | ||
</syntaxhighlight> | </syntaxhighlight> | ||
2013年8月30日 (金) 18:45時点における版
概要
カーネルオプション
下記の設定は、カーネル のコンフィグレーションファイルの設定です。
options IPFIREWALL # This option enables IPFW as part of the kernel. options IPFIREWALL_VERBOSE #This option enables logging of packets that pass through IPFW # and have the log keyword specified in the ruleset. options IPFIREWALL_VERBOSE_LIMIT=5 #This option limits the number of packets logged through syslogd(8), on a # per-entry basis. This option may be used in hostile environments, # when firewall activity logging is desired. # This will close a possible denial of service attack via syslog flooding. options IPFIREWALL_DEFAULT_TO_ACCEPT # This option allows everything to pass through the firewall by default, # which is a good idea when the firewall is being set up for the first time. options IPDIVERT
カーネルモジュール
sudo kldload ipfw
sudo kldunload ipfw