[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Getting on with ipfilter 3.4.17 on FreeBSD 4.3R kernel
From:       Dmitriy Bokiy <ratebor () pro ! icp ! ac ! ru>
Date:       2001-05-29 13:05:16
[Download RAW message or body]

On Tue, May 29, 2001 at 02:24:29PM +0200, Josef Pojsl wrote:
> Everett,
> 
> On Tue, May 29, 2001 at 02:04:08AM -0700, Everett F Batey wrote:
> > Probably I am still a little confused .. I was finally struck late one
> > recent night with new FreeBSD 4.3R computer; the kernel I built has
> > 
> >    options 	IPFIREWALL		#firewall
> >    options 	IPFIREWALL_VERBOSE	#print information about
> >    options 	IPFIREWALL_FORWARD	#enable transparent proxy support
> >    options 	IPFIREWALL_VERBOSE_LIMIT=100	#limit verbosity
> >              Useful or Needed for ipfilter (ipf) and ipnat ?
> > 
> >    options 	IPFIREWALL_DEFAULT_TO_ACCEPT	#allow everything by default
> >              Temporary till I guess what I am doing
> > 
> >    options 	IPDIVERT		#divert sockets
> >              Useful or Needed for ipfilter (ipf) and ipnat ?
> > 
> > Are these options in any way relevant to ipfilter / ipnat OR only to
> > ipfw ?   Rebuild with any other options recommended.
> 
> they are all relevant only to ipfw. AFAIK, there are 3 options concerning
> Darren's ipf/ipnat, and these are:
> options    IPFILTER                #ipfilter support
> options    IPFILTER_LOG            #ipfilter logging
> options    IPFILTER_DEFAULT_TO_ACCEPT      #reverse the default ipfilter
>                                            #behavior of denying everything


The last one is not needed since default is accept everything. See around

POLICY=-DIPF_DEFAULT_PASS=FR_PASS

in the Makefile.

-- 
Dmitriy

[prev in list] [next in list] [prev in thread] [next in thread]