Kernel Options
Sunday, 14 January 2007
This section describes all kernel options.

### Firewall Options ###

options IPFIREWALL
This option enables ipfw in the kernel.

options IPFIREWALL_VERBOSE
Enables logging with ipfw. If this option is set in the kernel, the net.inet.ip.fw.verbose sysctl variable is set to 1, which allows ipfw to log (the log keyword in ipfw).

options IPFIREWALL_VERBOSE_LIMIT=value
This option controls how many matching packets will be logged per rule before logging is disabled. It acts as a hard limit for firewalls that have not set the logamount variable. The value can be changed with the sysctl variable net.inet.ip.fw.verbose_limit.

options IPFIREWALL_DEFAULT_TO_ACCEPT
By default, if ipfw is enabled in the kernel (or loaded as a module), it adds a rule to block everything. This option reverses that, allowing all traffic through the firewall. It is not recommended for production firewalls and is sometimes used for testing purposes.

options IPFIREWALL_FORWARD
This option allows you to use the fwd keyword in your ipfw rules to direct traffic to the hosts or ports you want. For example, you may want to redirect all traffic with destination port 80 (www) to a server on your LAN.

options IPSTEALTH
This option tells the firewall not to decrement the time to live (TTL) value. It is used to hide the presence of your firewall from the outside world (your firewall will not be seen with the traceroute command).
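An added example, not part of the original page: a shell function that audits a kernel configuration file for the ipfw options described above. The function name, the severity labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the ipfw options in a FreeBSD kernel config (stdin).
audit_ipfw_options() {
    awk '
    { sub(/#.*/, "") }                       # drop comments
    $1 == "options" && $2 != "" {
        n = split($2, kv, "=")               # NAME or NAME=value
        opt[kv[1]] = (n > 1) ? kv[2] : "set"
    }
    END {
        if (!("IPFIREWALL" in opt)) {
            print "INFO IPFIREWALL absent: ipfw is not compiled into this kernel"
            exit
        }
        if ("IPFIREWALL_DEFAULT_TO_ACCEPT" in opt)
            print "WARN IPFIREWALL_DEFAULT_TO_ACCEPT: default rule allows all traffic"
        else
            print "OK   default rule blocks everything"
        if (!("IPFIREWALL_VERBOSE" in opt))
            print "INFO IPFIREWALL_VERBOSE absent: kernel does not set net.inet.ip.fw.verbose to 1"
        else if (!("IPFIREWALL_VERBOSE_LIMIT" in opt))
            print "WARN IPFIREWALL_VERBOSE without IPFIREWALL_VERBOSE_LIMIT: no compiled-in per-rule log cap"
        else
            print "OK   logging on, limit " opt["IPFIREWALL_VERBOSE_LIMIT"] " packets per rule"
        if ("IPFIREWALL_FORWARD" in opt) print "NOTE IPFIREWALL_FORWARD: fwd rules possible, review them"
        if ("IPSTEALTH" in opt) print "NOTE IPSTEALTH: TTL not decremented, firewall hidden from traceroute"
    }'
}

# Constructed sample: a test kernel config left in a permissive state.
sample_risky() {
    cat <<'EOF'
options IPFIREWALL                    #ipfw
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT  # left over from testing
#options IPFIREWALL_VERBOSE_LIMIT=100
options IPSTEALTH
EOF
}
# Constructed sample: the same kernel with the blocking default and a log limit.
sample_hardened() {
    cat <<'EOF'
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
EOF
}
sample_risky | audit_ipfw_options; sample_hardened | audit_ipfw_options
```

Run it against the file you pass to config(8), for example `audit_ipfw_options < MYKERNEL`, where MYKERNEL is a placeholder for your own configuration file.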
FreeBSD Check Kernel Options
Hello,
I'm running FreeBSD 5.3 Stable, installed from an ISO on one
of the Dutch FTP mirrors. Everything works fine, installation
went as expected. After a while I wanted some simple traffic
shaping, and since the machine I wanted that for isn't the
fastest, I chose to use ipfw with dummynet. From what I read
that was not very resource-intensive.
I recompiled the kernel, copied the GENERIC and added the
following options:
options IPFIREWALL #ipfw
options DUMMYNET #dummynet
options HZ=1000 #strongly recommended
I looked into both the ipfw and dummynet manpages, and I understood
this would be all that was needed.
The compiling went fine, ipfw works, dummynet doesn't. I can
add pipes, but configuring bandwidth (or actually, just 'ipfw
pipe 1 config' is enough), gives me the following error:
ipfw: setsockopt(IP_DUMMYNET_CONFIGURE): Protocol not available
I tried the usual, looking into the handbook, faq, and searching
newsgroups and the web. Everything there tells me that DUMMYNET
isn't in my kernel options. I checked numerous times, and it is
really there.
Is there any way I could check if it really compiled? I vaguely
remember something containing the word dummynet flashing by
while compiling.
Any advice is appreciated,
Lucas
FreeBSD Kernel Options List
config kernelname root on rootdevice
This line specifies the location and name of the kernel. Traditionally the kernel is called vmunix but in FreeBSD, it is aptly named kernel. You should always use kernel for kernelname because changing it will render numerous system utilities inoperative. The second part of the line specifies the disk.