FreeBSD kernel compile - firewall - ipfw Questions....
je_fro
06-16-2003, 11:19 PM
So I'm reading the Handbook about recompiling the kernel I got with the 5.0-RELEASE. The kernel config is called GENERIC. I renamed it to NEW_KERNEL and am looking to add all those lovely firewall options:
options IPFIREWALL # firewall
options IPFIREWALL_VERBOSE # print information about dropped packets
#options IPFIREWALL_FORWARD # enable transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 # limit verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default
options IPDIVERT # divert(4) sockets for NAT
None of them are there, though. Do I add them? It's a slow box and a compile is going to take a while, so I thought I'd ask someone.
Thanks
J
Alex Cavnar, aka alc6379
06-17-2003, 01:27 AM
Yup. You just add them.
If you want to have a look at nearly all of the options you could compile, along with rather detailed descriptions, have a look at the /usr/src/sys/i386/conf/LINT file. It's got every option (I think) that's available for the FreeBSD kernel.
That's one cool thing about compiling a FreeBSD kernel. That option not in your config file? Copy-n-Paste it in from another file! It's just that simple! You can just add your machine-specific configurations to the bottom of your config file for easy location, too. At least, that's what I do...
je_fro
06-17-2003, 01:32 AM
Thank You for Your Reply!
Here's a Cookie!
Alex Cavnar, aka alc6379
06-17-2003, 02:10 AM
Originally posted by je_fro
Thank You for Your Reply!
Here's a Cookie!
MMMMM....
Thanks, but no thanks. I've had to cut back. For one thing, Mrs. Cookie Monster is getting tired of cutting the chocolate chips out of my blue fur, and second, a fat blue puppet can't really get any good acting gigs.
So for a while, I'll just like "And BSD."
;)
je_fro
06-23-2003, 10:45 AM
What I really need is an ipfw rule generator until I get the hang of this.
I'm having trouble getting port forwarding to work. My kernel options are:
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFILTER
options IPFILTER_LOG
options IPFIREWALL_VERBOSE_LIMIT=10
#options IPFIREWALL_DEFAULT_TO_ACCEPT
options MROUTING
options TCP_DROP_SYNFIN
options IPSTEALTH
Is this all right for port forwarding? Am I including everything, or too much?
Thanks,
je_fro
xulfralos
06-23-2003, 08:37 PM
You don't need these:
options IPFILTER
options IPFILTER_LOG
unless you plan on running IPF, which is better than IPFW, IMO.
Better still would be to run PF on FreeBSD 5.0. Check out this site for links to PF for FreeBSD:
pf-repository (https://solarflux.org/pf/)
If you insist on using IPFW, check out /usr/ports/security/qtfw
which is a GUI interface for managing IPFW. It won't generate rulesets, but might make it easier to learn.
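
Added example, not part of any post in this thread: a small shell check that reads a kernel config and reports on the ipfw options discussed above, run here on the option list from the 06-23-2003 post (embedded as constructed sample input). The helper names `sample_config` and `audit_kernconf` are hypothetical, and it assumes port forwarding is done NAT-style over divert(4) sockets, so it treats IPFIREWALL and IPDIVERT as required.

```sh
#!/bin/sh
# Added example (not from the thread): audit a FreeBSD kernel config for the
# ipfw options discussed above.

# Constructed sample input: the option list from the 06-23-2003 post.
sample_config() {
cat <<'EOF'
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options IPFILTER
options IPFILTER_LOG
options IPFIREWALL_VERBOSE_LIMIT=10
#options IPFIREWALL_DEFAULT_TO_ACCEPT
options MROUTING
options TCP_DROP_SYNFIN
options IPSTEALTH
EOF
}

# audit_kernconf (hypothetical helper): reads a kernel config on stdin and
# prints one finding per line, or "OK" when there is nothing to report.
audit_kernconf() {
    awk '
    { sub(/#.*/, "") }                  # drop comments: "#options X" is disabled
    $1 == "options" && NF >= 2 {
        split($2, kv, "=")              # NAME or NAME=value
        opt[kv[1]] = 1
    }
    END {
        n = 0
        # Assumption: NAT-style port forwarding needs ipfw plus divert(4).
        if (!("IPFIREWALL" in opt)) { print "MISSING IPFIREWALL"; n++ }
        if (!("IPDIVERT" in opt))   { print "MISSING IPDIVERT"; n++ }
        if ("IPFIREWALL_DEFAULT_TO_ACCEPT" in opt) {
            print "WARN IPFIREWALL_DEFAULT_TO_ACCEPT allows everything by default"; n++
        }
        if (("IPFIREWALL_VERBOSE" in opt) && !("IPFIREWALL_VERBOSE_LIMIT" in opt)) {
            print "WARN IPFIREWALL_VERBOSE set without IPFIREWALL_VERBOSE_LIMIT"; n++
        }
        if ("IPFILTER" in opt)     { print "NOTE IPFILTER is only needed for IPF"; n++ }
        if ("IPFILTER_LOG" in opt) { print "NOTE IPFILTER_LOG is only needed for IPF"; n++ }
        if (n == 0) print "OK"
    }'
}

sample_config | audit_kernconf
```

To check a real config, feed the file on stdin, for example `audit_kernconf < NEW_KERNEL` from the directory that holds it.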