Firewall Wizards mailing list archives
Kernel options for FW?
From: Adam Shostack <adam () homeport org>
Date: Thu, 18 Dec 1997 11:15:02 -0500 (EST)
(This is not meant to spark a religious war. I'm asking for help configuring a kernel, and comparing kernel security features between FreeBSD and NetBSD to make a reasonable decision.)

On NetBSD, I'd enable the following options. I can't find equivalents to these on FreeBSD. Do they exist, and what are they? Also, I know FreeBSD sets kernel security wrong (-1) by default, and that needs to be fixed. Are there other things that I should know about on FreeBSD to do everything right?

options IPFORWSRCRT=0           //Turn off source routing.
options IPNOPRIVPORTS           //Remove concept of priv'd ports so BIND doesn't
                                //need to run as root.
options IPFILTER_DEFAULT_BLOCK  //Put my FW policy in the kernel.
options FDSCRIPTS               // Allow a script to be run if it is x only, by
                                // passing a file descriptor to the interpreter,
                                // avoiding some race conditions.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
        -Hume