Firewall Wizards mailing list archives

Re: Kernel options for FW?

From: Alex Nash <nash () mcs net>
Date: Thu, 18 Dec 1997 11:33:31 -0600 (CST)

On Thu, 18 Dec 1997, Adam Shostack wrote:

options IPFORWSRCRT=0 //Turn off source routing.


This is the default.  It is controllable via sysctl.

options IPNOPRIVPORTS //Remove concept of priv'd ports so BIND doesn't
                    //need to run as root.


I don't know if there's a good way of doing this, but you could hack
IPPORT_RESERVED in in.h (unfortunately this isn't surrounded by an ifndef,
so you can't just thrown options IPPORT_RESERVED into your kernel config).

options IPFILTER_DEFAULT_BLOCK //Put my FW policy in the kernel.


This is the default for FreeBSD's ipfw.

Alex

Current thread:

Kernel options for FW? Adam Shostack (Dec 19)
- Re: Kernel options for FW? Brian Mitchell (Dec 19)
- Re: Kernel options for FW? Alex Nash (Dec 19)
- Re: Kernel options for FW? Cy Schubert - ITSD Open Systems Group (Dec 19)
  - Re: Kernel options for FW? Darren Reed (Dec 21)
- Re: Kernel options for FW? Darren Reed (Dec 21)