9 .Nd IP packet filter and traffic accounting
13 into the kernel, place the following option in the kernel configuration
15 .Bd -ragged -offset indent
16 .Cd "options IPFIREWALL"
19 Other related kernel options
20 which may also be useful are:
21 .Bd -ragged -offset indent
22 .Cd "options IPFIREWALL_DEFAULT_TO_ACCEPT"
23 .Cd "options IPFIREWALL_VERBOSE"
24 .Cd "options IPFIREWALL_VERBOSE_LIMIT=100"
29 as a module at boot time, add the following line into the
32 .Bd -literal -offset indent
38 system facility allows filtering,
39 redirecting, and other operations on
41 packets travelling through
44 The default behavior of
46 is to block all incoming and outgoing traffic.
47 This behavior can be modified, to allow all traffic through the
49 firewall by default, by enabling the
50 .Dv IPFIREWALL_DEFAULT_TO_ACCEPT
52 This option may be useful when configuring
57 behavior is to allow everything, it is easier to cope with
58 firewall-tuning mistakes which may accidentally block all traffic.
60 To enable logging of packets passing through
63 .Dv IPFIREWALL_VERBOSE
66 .Dv IPFIREWALL_VERBOSE_LIMIT
69 from flooding system logs or causing local Denial of Service.
70 This option may be set to the number of packets which will be logged on
71 a per-entry basis before the entry is rate-limited.
73 The user interface for
77 utility, so please refer to the
79 manpage for a complete description of the
81 capabilities and how to use it.