Diffstat (limited to 'static/freebsd/man4/mac_ifoff.4 3.html')
| -rw-r--r-- | static/freebsd/man4/mac_ifoff.4 3.html | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/static/freebsd/man4/mac_ifoff.4 3.html b/static/freebsd/man4/mac_ifoff.4 3.html new file mode 100644 index 00000000..119b4f53 --- /dev/null +++ b/static/freebsd/man4/mac_ifoff.4 3.html 
@@ -0,0 +1,88 @@ +<table class="head"> + <tr> + <td class="head-ltitle">MAC_IFOFF(4)</td> + <td class="head-vol">Device Drivers Manual</td> + <td class="head-rtitle">MAC_IFOFF(4)</td> + </tr> +</table> +<div class="manual-text"> +<section class="Sh"> +<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> +<p class="Pp"><code class="Nm">mac_ifoff</code> — + <span class="Nd">interface silencing policy</span></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> +<p class="Pp">To compile the interface silencing policy into your kernel, place + the following lines in your kernel configuration file:</p> +<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code> +<br/> +<code class="Cd">options MAC_IFOFF</code></div> +<p class="Pp">Alternately, to load the interface silencing policy module at boot + time, place the following line in your kernel configuration file:</p> +<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code></div> +<p class="Pp">and in <a class="Xr">loader.conf(5)</a>:</p> +<div class="Bd Pp Bd-indent Li"> +<pre>mac_ifoff_load="YES"</pre> +</div> +</section> +<section class="Sh"> +<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> +<p class="Pp">The <code class="Nm">mac_ifoff</code> interface silencing module + allows administrators to enable and disable incoming and outgoing data flow + on system network interfaces via the <a class="Xr">sysctl(8)</a> + interface.</p> +<p class="Pp">To disable network traffic over the loopback + (<a class="Xr">lo(4)</a>) interface, set the <a class="Xr">sysctl(8)</a> OID + <var class="Va">security.mac.ifoff.lo_enabled</var> to 0 (default 1).</p> +<p class="Pp">To enable network traffic over other interfaces, set the + <a class="Xr">sysctl(8)</a> OID + <var class="Va">security.mac.ifoff.other_enabled</var> to 1 (default 0).</p> +<p class="Pp">To allow BPF traffic to be 
received, even while other traffic is + disabled, set the <a class="Xr">sysctl(8)</a> OID + <var class="Va">security.mac.ifoff.bpfrecv_enabled</var> to 1 (default + 0).</p> +<section class="Ss"> +<h2 class="Ss" id="Label_Format"><a class="permalink" href="#Label_Format">Label + Format</a></h2> +<p class="Pp">No labels are defined.</p> +</section> +</section> +<section class="Sh"> +<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE + ALSO</a></h1> +<p class="Pp"><a class="Xr">mac(4)</a>, <a class="Xr">mac_bsdextended(4)</a>, + <a class="Xr">mac_lomac(4)</a>, <a class="Xr">mac_mls(4)</a>, + <a class="Xr">mac_none(4)</a>, <a class="Xr">mac_partition(4)</a>, + <a class="Xr">mac_portacl(4)</a>, <a class="Xr">mac_seeotheruids(4)</a>, + <a class="Xr">mac_test(4)</a>, <a class="Xr">mac(9)</a></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> +<p class="Pp">The <code class="Nm">mac_ifoff</code> policy module first appeared + in <span class="Ux">FreeBSD 5.0</span> and was developed by the TrustedBSD + Project.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> +<p class="Pp">This software was contributed to the + <span class="Ux">FreeBSD</span> Project by Network Associates Labs, the + Security Research Division of Network Associates Inc. under DARPA/SPAWAR + contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA + CHATS research program.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="BUGS"><a class="permalink" href="#BUGS">BUGS</a></h1> +<p class="Pp">While the MAC Framework design is intended to support the + containment of the root user, not all attack channels are currently + protected by entry point checks. 
As such, MAC Framework policies should not + be relied on, in isolation, to protect against a malicious privileged + user.</p> +</section> +</div> +<table class="foot"> + <tr> + <td class="foot-date">July 25, 2015</td> + <td class="foot-os">FreeBSD 15.0</td> + </tr> +</table> |
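Review bot: The path of the new file in the "diff --git" header, "static/freebsd/man4/mac_ifoff.4 3.html", contains a space and a trailing " 3", which reads like an accidental duplicate copy rather than an intended name. If that is the case, commit the page under a name without the space and the " 3" (or drop this copy), since a space in the path must also be URL-encoded by anything that links to it. On the content, the DESCRIPTION lists security.mac.ifoff.other_enabled with "default 0" but never says outright what that default implies: as written, traffic on all non-loopback interfaces stays disabled once the policy is loaded, until the OID is set to 1. A sentence stating this next to the other_enabled paragraph would help an administrator who loads the module over a remote session.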
