c21fd23260
compile option. All FreeBSD packet filters now use the PFIL_HOOKS API and thus it becomes a standard part of the network stack. If no hooks are connected the entire packet filter hooks section and related activities are jumped over. This removes any performance impact if no hooks are active. Both OpenBSD and DragonFlyBSD have integrated PFIL_HOOKS permanently as well.
58 lines
903 B
Groff
58 lines
903 B
Groff
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd October 28, 2002
|
|
.Dt IPFW 4
|
|
.Os
|
|
.Sh NAME
|
|
.Nm ipfw
|
|
.Nd IP packet filter and traffic accounting
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
system facility allows filtering,
|
|
redirecting, and other operations on
|
|
.Tn IP
|
|
packets travelling through
|
|
network interfaces.
|
|
.Pp
|
|
The user interface for
|
|
.Nm
|
|
is implemented by the
|
|
.Xr ipfw 8
|
|
utility, so please refer to the
|
|
.Xr ipfw 8
|
|
manpage for a complete description of the
|
|
.Nm
|
|
capabilities and how to use it.
|
|
.Ss Kernel Options
|
|
The following options in the kernel configuration file are related to
|
|
.Nm
|
|
operation:
|
|
.Pp
|
|
.Bl -tag -width ".Dv IPFIREWALL_VERBOSE_LIMIT" -compact
|
|
.It Dv IPFIREWALL
|
|
enable
|
|
.Nm
|
|
.It Dv IPFIREWALL_VERBOSE
|
|
enable
|
|
.Nm
|
|
logging
|
|
.It Dv IPFIREWALL_VERBOSE_LIMIT
|
|
limit
|
|
.Nm
|
|
logging
|
|
.It Dv IPDIVERT
|
|
enable
|
|
.Xr divert 4
|
|
sockets
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr setsockopt 2 ,
|
|
.Xr divert 4 ,
|
|
.Xr ip 4 ,
|
|
.Xr ipfw 8 ,
|
|
.Xr sysctl 8 ,
|
|
.Xr syslogd 8 ,
|
|
.Xr pfil 9
|