「ipfw カーネルモジュール」の版間の差分

提供: セキュリティ
移動: 案内検索
(ページの作成:「<!-- vim: filetype=mediawiki --> ipfwカーネルモジュール の設定です。 __TOC__ == 概要 == == カーネルオプション == 下記の設...」)
 
行16: 行16:
 
options    IPFIREWALL_VERBOSE
 
options    IPFIREWALL_VERBOSE
  
#This option enables logging of packets that pass through IPFW and have the log keyword specified in the ruleset.
+
#This option enables logging of packets that pass through IPFW
 +
# and have the log keyword specified in the ruleset.
 
options    IPFIREWALL_VERBOSE_LIMIT=5
 
options    IPFIREWALL_VERBOSE_LIMIT=5
  
#This option limits the number of packets logged through syslogd(8), on a per-entry basis. This option may be used in hostile environments, when firewall activity logging is desired. This will close a possible denial of service attack via syslog flooding.
+
#This option limits the number of packets logged through syslogd(8), on a
 +
# per-entry basis. This option may be used in hostile environments,
 +
# when firewall activity logging is desired.
 +
# This will close a possible denial of service attack via syslog flooding.
 
options    IPFIREWALL_DEFAULT_TO_ACCEPT
 
options    IPFIREWALL_DEFAULT_TO_ACCEPT
  
# This option allows everything to pass through the firewall by default, which is a good idea when the firewall is being set up for the first time.
+
# This option allows everything to pass through the firewall by default,
 +
# which is a good idea when the firewall is being set up for the first time.
 
options    IPDIVERT
 
options    IPDIVERT
 
</syntaxhighlight>
 
</syntaxhighlight>

2013年8月30日 (金) 18:45時点における版

ipfwカーネルモジュール の設定です。

概要

カーネルオプション

下記の設定は、カーネル のコンフィグレーションファイルの設定です。

options    IPFIREWALL
 
# This option enables IPFW as part of the kernel.
options    IPFIREWALL_VERBOSE
 
#This option enables logging of packets that pass through IPFW
# and have the log keyword specified in the ruleset.
options    IPFIREWALL_VERBOSE_LIMIT=5
 
#This option limits the number of packets logged through syslogd(8), on a
# per-entry basis. This option may be used in hostile environments,
# when firewall activity logging is desired.
# This will close a possible denial of service attack via syslog flooding.
options    IPFIREWALL_DEFAULT_TO_ACCEPT
 
# This option allows everything to pass through the firewall by default,
# which is a good idea when the firewall is being set up for the first time.
options    IPDIVERT

カーネルモジュール

カーネルモジュール ipfw をロードします。

sudo kldload ipfw

カーネルモジュール ipfw をアンロードします。

sudo kldunload ipfw

関連項目