Diffstat (limited to 'static/freebsd/man4/ipfirewall.4 3.html')
| -rw-r--r-- | static/freebsd/man4/ipfirewall.4 3.html | 112 |
1 files changed, 112 insertions, 0 deletions
diff --git a/static/freebsd/man4/ipfirewall.4 3.html b/static/freebsd/man4/ipfirewall.4 3.html new file mode 100644 index 00000000..ebaf6272 --- /dev/null +++ b/static/freebsd/man4/ipfirewall.4 3.html 
@@ -0,0 +1,112 @@ +<table class="head"> + <tr> + <td class="head-ltitle">IPFW(4)</td> + <td class="head-vol">Device Drivers Manual</td> + <td class="head-rtitle">IPFW(4)</td> + </tr> +</table> +<div class="manual-text"> +<section class="Sh"> +<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> +<p class="Pp"><code class="Nm">ipfw</code> — <span class="Nd">IP packet + filter and traffic accounting</span></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> +<p class="Pp">To compile the driver into the kernel, place the following option + in the kernel configuration file:</p> +<div class="Bd Pp Bd-indent"><code class="Cd">options IPFIREWALL</code></div> +<p class="Pp">Other related kernel options which may also be useful are:</p> +<div class="Bd Pp Bd-indent"><code class="Cd">options + IPFIREWALL_DEFAULT_TO_ACCEPT</code> +<br/> +<code class="Cd">options IPDIVERT</code> +<br/> +<code class="Cd">options IPFIREWALL_NAT</code> +<br/> +<code class="Cd">options IPFIREWALL_NAT64</code> +<br/> +<code class="Cd">options IPFIREWALL_NPTV6</code> +<br/> +<code class="Cd">options IPFIREWALL_PMOD</code> +<br/> +<code class="Cd">options IPFIREWALL_VERBOSE</code> +<br/> +<code class="Cd">options IPFIREWALL_VERBOSE_LIMIT=100</code> +<br/> +<code class="Cd">options LIBALIAS</code></div> +<p class="Pp">To load the driver as a module at boot time, add the following + line into the <a class="Xr">loader.conf(5)</a> file:</p> +<div class="Bd Pp Bd-indent Li"> +<pre>ipfw_load="YES"</pre> +</div> +</section> +<section class="Sh"> +<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> +<p class="Pp">The <code class="Nm">ipfw</code> system facility allows filtering, + redirecting, and other operations on IP packets travelling through network + interfaces.</p> +<p class="Pp">The default behavior of <code class="Nm">ipfw</code> is to block + all incoming and 
outgoing traffic. This behavior can be modified, to allow + all traffic through the <code class="Nm">ipfw</code> firewall by default, by + enabling the <code class="Dv">IPFIREWALL_DEFAULT_TO_ACCEPT</code> kernel + option. This option may be useful when configuring + <code class="Nm">ipfw</code> for the first time. If the default + <code class="Nm">ipfw</code> behavior is to allow everything, it is easier + to cope with firewall-tuning mistakes which may accidentally block all + traffic.</p> +<p class="Pp">When using <a class="Xr">natd(8)</a> in conjunction with + <code class="Nm">ipfw</code> as NAT facility, the kernel option + <code class="Dv">IPDIVERT</code> enables diverting packets to + <a class="Xr">natd(8)</a> for translation.</p> +<p class="Pp">When using the in-kernel NAT facility of + <code class="Nm">ipfw</code>, the kernel option + <code class="Dv">IPFIREWALL_NAT</code> enables basic + <a class="Xr">libalias(3)</a> functionality in the kernel.</p> +<p class="Pp">When using any of the IPv4 to IPv6 transition mechanisms in + <code class="Nm">ipfw</code>, the kernel option + <code class="Dv">IPFIREWALL_NAT64</code> enables all of these NAT64 methods + in the kernel.</p> +<p class="Pp">When using the IPv6 network prefix translation facility of + <code class="Nm">ipfw</code>, the kernel option + <code class="Dv">IPFIREWALL_NPTV6</code> enables this functionality in the + kernel.</p> +<p class="Pp">When using the packet modification facility of + <code class="Nm">ipfw</code>, the kernel option + <code class="Dv">IPFIREWALL_PMOD</code> enables this functionality in the + kernel.</p> +<p class="Pp">To enable logging of packets passing through + <code class="Nm">ipfw</code>, enable the + <code class="Dv">IPFIREWALL_VERBOSE</code> kernel option. The + <code class="Dv">IPFIREWALL_VERBOSE_LIMIT</code> option will prevent + <a class="Xr">syslogd(8)</a> from flooding system logs or causing local + Denial of Service. 
This option may be set to the number of packets which + will be logged on a per-entry basis before the entry is rate-limited.</p> +<p class="Pp">When using the in-kernel NAT facility of + <code class="Nm">ipfw</code>, the kernel option + <code class="Dv">LIBALIAS</code> enables full <a class="Xr">libalias(3)</a> + functionality in the kernel. Full functionality refers to included support + for ftp, bbt, skinny, irc, pptp and smedia packets, which are missing in the + basic <a class="Xr">libalias(3)</a> functionality accomplished with the + <code class="Dv">IPFIREWALL_NAT</code> kernel option.</p> +<p class="Pp">The user interface for <code class="Nm">ipfw</code> is implemented + by the <a class="Xr">ipfw(8)</a> utility, so please refer to the + <a class="Xr">ipfw(8)</a> man page for a complete description of the + <code class="Nm">ipfw</code> capabilities and how to use it.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE + ALSO</a></h1> +<p class="Pp"><a class="Xr">setsockopt(2)</a>, <a class="Xr">libalias(3)</a>, + <a class="Xr">divert(4)</a>, <a class="Xr">ip(4)</a>, + <a class="Xr">ip6(4)</a>, <a class="Xr">ipfw(8)</a>, + <a class="Xr">natd(8)</a>, <a class="Xr">sysctl(8)</a>, + <a class="Xr">syslogd(8)</a>, <a class="Xr">pfil(9)</a></p> +</section> +</div> +<table class="foot"> + <tr> + <td class="foot-date">August 19, 2020</td> + <td class="foot-os">FreeBSD 15.0</td> + </tr> +</table> |
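Review bot: the path of the new file in the diff header, `static/freebsd/man4/ipfirewall.4 3.html`, contains a space followed by ` 3` before the extension, which reads like a copy left behind by a file manager or sync tool rather than an intended page name. Please confirm this is not an accidental duplicate of an existing ipfirewall.4 page. If the file is meant to be served, rename it without the space: the space has to be percent-encoded in any link to the page, and it breaks unquoted handling of the path in build or deploy scripts.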
