Firewall Wizards mailing list archives

Kernel options for FW?


From: Adam Shostack <adam () homeport org>
Date: Thu, 18 Dec 1997 11:15:02 -0500 (EST)

(This is not meant to spark a religious war.  I'm asking for help
configuring a kernel, and comparing kernel security features between
FreeBSD and NetBSD to make a reasonable decision.)

On NetBSD, I'd enable the following options.  I can't find equivalents
to these on FreeBSD.  Do they exist, and what are they?   Also, I know
FreeBSD sets kernel security wrong (-1) by default, and that needs to
be fixed.  Are there other things that I should know about on FreeBSD
to do everything right?


options IPFORWSRCRT=0          # Turn off source routing.

options IPNOPRIVPORTS          # Remove concept of priv'd ports so BIND doesn't
                               # need to run as root.

options IPFILTER_DEFAULT_BLOCK # Put my FW policy in the kernel.

options FDSCRIPTS              # Allow a script to be run if it is x only, by
                               # passing a file descriptor to the interpreter,
                               # avoiding some race conditions.
  
Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume



