xref: /freebsd/share/man/man4/ipfirewall.4 (revision 7646a8416114491293309154d20748ea6764d42b)
.\"
.\" $FreeBSD$
.\"
.Dd September 1, 2006
.Dt IPFW 4
.Os
.Sh NAME
.Nm ipfw
.Nd IP packet filter and traffic accounting
.Sh SYNOPSIS
To compile
the driver
into the kernel, place the following option in the kernel configuration
file:
.Bd -ragged -offset indent
.Cd "options IPFIREWALL"
.Ed
.Pp
Other related kernel options
which may also be useful are:
.Bd -ragged -offset indent
.Cd "options IPFIREWALL_DEFAULT_TO_ACCEPT"
.Cd "options IPFIREWALL_FORWARD"
.Cd "options IPFIREWALL_VERBOSE"
.Cd "options IPFIREWALL_VERBOSE_LIMIT=100"
.Ed
.Pp
To load
the driver
as a module at boot time, add the following line into the
.Xr loader.conf 5
file:
.Bd -literal -offset indent
ipfw_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
system facility allows filtering,
redirecting, and other operations on
.Tn IP
packets travelling through
network interfaces.
.Pp
The default behavior of
.Nm
is to block all incoming and outgoing traffic.
To allow all traffic through the
.Nm
firewall by default instead, enable the
.Dv IPFIREWALL_DEFAULT_TO_ACCEPT
kernel option.
This option may be useful when configuring
.Nm
for the first time.
If the default
.Nm
behavior is to allow everything, it is easier to cope with
firewall-tuning mistakes which may accidentally block all traffic.
.Pp
To enable logging of packets passing through
.Nm ,
enable the
.Dv IPFIREWALL_VERBOSE
kernel option.
The
.Dv IPFIREWALL_VERBOSE_LIMIT
option will prevent
.Xr syslogd 8
from flooding system logs or causing local Denial of Service.
This option may be set to the number of packets which will be logged on
a per-entry basis before the entry is rate-limited.
.Pp
Policy routing and transparent forwarding features of
.Nm
can be enabled by the
.Dv IPFIREWALL_FORWARD
kernel option.
.Pp
The user interface for
.Nm
is implemented by the
.Xr ipfw 8
utility, so please refer to the
.Xr ipfw 8
manpage for a complete description of the
.Nm
capabilities and how to use them.
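.Pp
The following shell script is an added example, not part of the original manual page or of FreeBSD: it reads a kernel configuration file and reports the default policy and logging settings described above.
The function names, the sample configuration and the choice to report default-accept as a warning are assumptions of this example.

```sh
# Added example (not FreeBSD code): audit a kernel config for the ipfw options.

# ipfw_opt FILE NAME: print "unset", "set", or the value given after "=".
ipfw_opt() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "options" || $1 == "nooptions" {
            drop = ($1 == "nooptions")          # nooptions removes an option
            $1 = ""
            n = split($0, specs, ",")           # comma-separated option list
            for (i = 1; i <= n; i++) {
                gsub(/[ \t"]/, "", specs[i])
                split(specs[i], kv, "=")
                if (kv[1] != want) continue
                state = drop ? "unset" : (kv[2] == "" ? "set" : kv[2])
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# ipfw_kernel_audit FILE: print one finding per line; return 1 on any WARN.
# Treating default-accept as a warning is this example's policy choice.
ipfw_kernel_audit() {
    conf=$1 rc=0
    if [ "$(ipfw_opt "$conf" IPFIREWALL_DEFAULT_TO_ACCEPT)" = unset ]; then
        echo "OK: default policy blocks all traffic"
    else
        echo "WARN: IPFIREWALL_DEFAULT_TO_ACCEPT set, default policy allows all traffic"
        rc=1
    fi
    verbose=$(ipfw_opt "$conf" IPFIREWALL_VERBOSE)
    limit=$(ipfw_opt "$conf" IPFIREWALL_VERBOSE_LIMIT)
    if [ "$verbose" = unset ]; then
        echo "INFO: packet logging (IPFIREWALL_VERBOSE) not enabled"
    elif [ "$limit" = unset ]; then
        echo "WARN: IPFIREWALL_VERBOSE set without IPFIREWALL_VERBOSE_LIMIT"
        rc=1
    else
        echo "OK: logging enabled, per-entry limit $limit"
    fi
    return "$rc"
}

# Constructed sample configuration, not taken from a real system.
sample=$(mktemp)
printf 'options %s\n' IPFIREWALL IPFIREWALL_VERBOSE IPFIREWALL_DEFAULT_TO_ACCEPT > "$sample"
ipfw_kernel_audit "$sample" || echo "review the findings above"
rm -f "$sample"
```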
.Sh SEE ALSO
.Xr setsockopt 2 ,
.Xr divert 4 ,
.Xr ip 4 ,
.Xr ipfw 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr pfil 9