9 .Nd IP packet filter and traffic accounting
13 into the kernel, place the following option in the kernel configuration
15 .Bd -ragged -offset indent
16 .Cd "options IPFIREWALL"
19 Other kernel options related to
21 which may also be useful are:
22 .Bd -ragged -offset indent
23 .Cd "options IPFIREWALL_DEFAULT_TO_ACCEPT"
24 .Cd "options IPFIREWALL_VERBOSE"
25 .Cd "options IPFIREWALL_VERBOSE_LIMIT=100"
30 as a module at boot time, add the following line into the
33 .Bd -literal -offset indent
39 system facility allows filtering,
40 redirecting, and other operations on
42 packets travelling through
45 The default behavior of
47 is to block all incoming and outgoing traffic.
48 This behavior can be modified, to allow all traffic through the
50 firewall by default, by enabling the
51 .Dv IPFIREWALL_DEFAULT_TO_ACCEPT
53 This option may be useful when configuring
58 behavior is to allow everything, it is easier to cope with
59 firewall-tuning mistakes which may accidentally block all traffic.
61 To enable logging of packets passing through
64 .Dv IPFIREWALL_VERBOSE
67 .Dv IPFIREWALL_VERBOSE_LIMIT
70 from flooding system logs or causing local Denial of Service.
71 This option may be set to the number of packets which will be logged on
72 a per-entry basis before the entry is rate-limited.
74 The user interface for
78 utility, so please refer to the
80 manpage for a complete description of the
82 capabilities and how to use it.