Kernel Options
Sunday, 14 January 2007
This section describes all Kernel options.

### Firewall Options ###

options IPFIREWALL
This option enables ipfw in the kernel.

options IPFIREWALL_VERBOSE
Enables logging with ipfw. If this option is set in the kernel, the net.inet.ip.fw.verbose sysctl variable is set to 1, which allows ipfw to log packets (the log keyword in ipfw rules).

options IPFIREWALL_VERBOSE_LIMIT=value
This option controls how many matching packets will be logged per rule before logging is disabled. It acts as a hard limit for firewalls that have not set the logamount variable. The limit can be changed with the sysctl variable net.inet.ip.fw.verbose_limit.

options IPFIREWALL_DEFAULT_TO_ACCEPT
By default, if ipfw is enabled in the kernel (or loaded as a module), it adds a rule that blocks everything. This option reverses that behaviour, allowing all traffic through the firewall. It is not recommended for production firewalls and is sometimes used for testing purposes.

options IPFIREWALL_FORWARD
This option allows you to use the fwd keyword in your ipfw rules to direct traffic to the hosts or ports you want. For example, you may want to redirect all traffic with destination port 80 (www) to a server on your LAN.

options IPSTEALTH
With this option the firewall does not decrement the time to live (TTL) value. This hides the presence of your firewall from the outside world (your firewall will not be seen with the traceroute command).
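
An added example, not part of the original page: a POSIX sh function that reads a kernel configuration on stdin and reports how the options described above are set. The function names, message wording and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# opt NAME: print "set" or "set=VALUE" when an uncommented "options NAME" line exists.
opt() {
    printf '%s\n' "$CONF" | awk -v want="$1" '
        $1 == "options" {
            n = split($2, kv, "=")
            if (kv[1] != want) next
            v = (n > 1) ? ("set=" kv[2]) : "set"; print v; exit
        }'
}

audit_kernconf() {
    CONF=$(sed 's/#.*//')    # strip comments so commented-out options are ignored
    if [ -z "$(opt IPFIREWALL)" ]; then
        echo "INFO: IPFIREWALL absent, ipfw is not compiled into this kernel"
        return 0
    fi
    if [ -n "$(opt IPFIREWALL_DEFAULT_TO_ACCEPT)" ]; then
        echo "WARN: IPFIREWALL_DEFAULT_TO_ACCEPT set, default rule allows all traffic"
    else
        echo "OK: default rule blocks everything"
    fi
    if [ -z "$(opt IPFIREWALL_VERBOSE)" ]; then
        echo "WARN: IPFIREWALL_VERBOSE absent, kernel does not set net.inet.ip.fw.verbose to 1"
    else
        limit=$(opt IPFIREWALL_VERBOSE_LIMIT)
        case $limit in
            set=*) echo "OK: logging enabled, hard limit of ${limit#set=} packets per rule" ;;
            *)     echo "WARN: logging enabled without IPFIREWALL_VERBOSE_LIMIT, set logamount on rules" ;;
        esac
    fi
    [ -n "$(opt IPFIREWALL_FORWARD)" ] && echo "INFO: IPFIREWALL_FORWARD set, fwd keyword is available"
    [ -n "$(opt IPSTEALTH)" ] && echo "INFO: IPSTEALTH set, TTL is not decremented (hidden from traceroute)"
    return 0
}

# Constructed sample configuration, not taken from a real system.
sample_kernconf() {
    cat <<'EOF'
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
#options        IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT   # left over from testing
options         IPSTEALTH
EOF
}
sample_kernconf | audit_kernconf
```

To check a real configuration, feed the file on stdin, for example `audit_kernconf < MYKERNEL`, where MYKERNEL is a placeholder for your own kernel configuration file.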
 
