.\"
.\" $FreeBSD$
.\"
.Dd September 1, 2006
.Dt IPFW 4
.Os
.Sh NAME
.Nm ipfw
.Nd IP packet filter and traffic accounting
.Sh SYNOPSIS
To compile
.Ns Nm
into the kernel, place the following option in the kernel configuration
file:
.Bd -ragged -offset indent
.Cd "options IPFIREWALL"
.Ed
.Pp
Other kernel options related to
.Ns Nm
which may also be useful are:
.Bd -ragged -offset indent
.Cd "options IPFIREWALL_DEFAULT_TO_ACCEPT"
.Cd "options IPFIREWALL_FORWARD"
.Cd "options IPFIREWALL_VERBOSE"
.Cd "options IPFIREWALL_VERBOSE_LIMIT=100"
.Ed
.Pp
To load
.Ns Nm
as a module at boot time, add the following line into the
.Xr loader.conf 5
file:
.Bd -literal -offset indent
ipfw_load="YES"
.Ed
.Sh DESCRIPTION
The
.Nm
system facility allows filtering,
redirecting, and other operations on
.Tn IP
packets travelling through
network interfaces.
.Pp
The default behavior of
.Nm
is to block all incoming and outgoing traffic.
This behavior can be modified, to allow all traffic through the
.Nm
firewall by default, by enabling the
.Dv IPFIREWALL_DEFAULT_TO_ACCEPT
kernel option.
This option may be useful when configuring
.Nm
for the first time.
If the default
.Nm
behavior is to allow everything, it is easier to cope with
firewall-tuning mistakes which may accidentally block all traffic.
.Pp
To enable logging of packets passing through
.Nm ,
enable the
.Dv IPFIREWALL_VERBOSE
kernel option.
The
.Dv IPFIREWALL_VERBOSE_LIMIT
option will prevent
.Xr syslogd 8
from flooding system logs or causing local Denial of Service.
This option may be set to the number of packets which will be logged on
a per-entry basis before the entry is rate-limited.
.Pp
Policy routing and transparent forwarding features of
.Nm
can be enabled by the
.Dv IPFIREWALL_FORWARD
kernel option.
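.Pp
As an added example (not part of the original manual page or the FreeBSD sources), the following shell function audits a kernel configuration file for the options described above and reports the resulting default policy and logging limit.
The function names, the finding strings, and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel configuration file (or stdin) for the
# ipfw(4) options described above. Prints one finding per line.
audit_ipfw_kernconf() {
    awk '
        { sub(/#.*/, "") }              # strip comments, including commented-out options
        $1 == "options" {               # "options NAME" or "options NAME=VALUE"
            n = split($2, kv, "=")
            seen[kv[1]] = 1
            val[kv[1]] = (n > 1) ? kv[2] : ""
        }
        END {
            if (!("IPFIREWALL" in seen)) {
                print "INFO IPFIREWALL not set: ipfw is not compiled into this kernel"
                exit
            }
            # Without DEFAULT_TO_ACCEPT the default is to block all traffic.
            if ("IPFIREWALL_DEFAULT_TO_ACCEPT" in seen)
                print "WARN IPFIREWALL_DEFAULT_TO_ACCEPT: default policy allows all traffic"
            else
                print "OK default policy blocks all traffic"
            # Logging without a per-entry limit can flood the system logs.
            if ("IPFIREWALL_VERBOSE" in seen) {
                limit = val["IPFIREWALL_VERBOSE_LIMIT"]
                if (limit !~ /^[0-9]+$/ || limit + 0 == 0)
                    print "WARN IPFIREWALL_VERBOSE without a positive IPFIREWALL_VERBOSE_LIMIT"
                else
                    print "OK logging limited to " limit " packets per entry"
            }
            if ("IPFIREWALL_FORWARD" in seen)
                print "INFO IPFIREWALL_FORWARD: policy routing and transparent forwarding enabled"
        }
    ' "${1:--}"
}

# Constructed sample kernel configuration (not taken from a real system).
sample_kernconf() {
    cat <<'EOF'
ident       EXAMPLE
options     IPFIREWALL              # enable ipfw
options     IPFIREWALL_DEFAULT_TO_ACCEPT
options     IPFIREWALL_VERBOSE
#options    IPFIREWALL_VERBOSE_LIMIT=100
EOF
}

sample_kernconf | audit_ipfw_kernconf
```

Pass a kernel configuration file as the first argument to audit it instead of the sample read from standard input.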
.Pp
The user interface for
.Nm
is implemented by the
.Xr ipfw 8
utility, so please refer to the
.Xr ipfw 8
manpage for a complete description of the
.Nm
capabilities and how to use it.
.Sh SEE ALSO
.Xr setsockopt 2 ,
.Xr divert 4 ,
.Xr ip 4 ,
.Xr ipfw 8 ,
.Xr sysctl 8 ,
.Xr syslogd 8 ,
.Xr pfil 9