Firewall Wizards mailing list archives
Re: Kernel options for FW?
From: Darren Reed <darrenr () cyber com au>
Date: Sun, 21 Dec 1997 22:01:36 +1100 (EST)
In some mail I received from Adam Shostack, sie wrote
(This is not meant to spark a religious war. I'm asking for help configuring a kernel, and comparing kernel security features between FreeBSD and NetBSD to make a reasonable decision.) On NetBSD, I'd enable the following options. I can't find equivalents to these on FreeBSD. Do they exist, and what are they? Also, I know FreeBSD sets kernel security wrong (-1) by default, and that needs to be fixed. Are there other things that I should know about on FreeBSD to do everything right?
I'm using FreeBSD 2.2.5 here...
options IPFORWSRCRT=0 //Turn off source routing.
net.inet.ip.sourceroute: 0
options IPNOPRIVPORTS //Remove concept of priv'd ports so BIND doesn't
                      //need to run as root.

net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024

Might be worth investigating for what these can offer to you. I've not played with these but it might be interesting :-) Although, I think these affect what binding to port 0 does...

[...]

You should check that the following sysctl variable is off unless you need it on:

net.inet.ip.forwarding

You might also want to think about

net.inet.ip.redirect
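The checks suggested in the message above, as an added example that is not part of the original post or thread: a shell function that reads sysctl output in the `name: value` form shown above and flags the variables mentioned. The function names, the sample input, and the choice to report `net.inet.ip.redirect` for review only are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the net.inet.ip sysctls named in the message above.
# Input is "name: value" text, the form sysctl output takes in the message.

audit_ip_sysctls() {
    awk '
    BEGIN {
        # From the message: source routing off, and forwarding off unless
        # the host is meant to forward packets.
        want["net.inet.ip.sourceroute"] = 0
        want["net.inet.ip.forwarding"]  = 0
        # The message only says to think about this one, so this example
        # reports it for review instead of judging it (assumption).
        review["net.inet.ip.redirect"] = 1
    }
    NF >= 2 {
        name = $1; sub(/:$/, "", name); value = $2
        seen[name] = 1
        if (name in want) {
            if (value == want[name]) {
                printf "OK      %s = %s\n", name, value
            } else {
                printf "FAIL    %s = %s (expected %s)\n", name, value, want[name]
                bad++
            }
        } else if (name in review) {
            printf "REVIEW  %s = %s\n", name, value
        }
    }
    END {
        # A variable that never appeared cannot be assumed safe.
        for (n in want) if (!(n in seen)) { printf "MISSING %s\n", n; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample input, not output captured from a real host.
sample_sysctl_output() {
    cat <<'EOF'
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.sourceroute: 0
net.inet.ip.portrange.first: 1024
EOF
}

# On a live host: sysctl net.inet.ip | audit_ip_sysctls
sample_sysctl_output | audit_ip_sysctls || echo "deviations found"
```

The function exits non-zero when a required variable is set to something other than the expected value or is absent from the input, so it can gate a boot-time or configuration-management check.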